alles supertraag: opstart pc + internet

nbent · 10 augustus 2010

hallo

het probleem begint al bij het opstarten van de pc. (zonder connectie met internet te maken!)

als ik in de startmenu iets wil aanvinken duurt het even voor de balk zich uitrolt. als ik dan iets aan klik duurt het ook veel te lang voor ik te zien krijg wat ik wil.

internet: idem. vaak loopt alles vast (wit vierkante in bovenste balk + 'reageert ni' melding)

ook soms melding: onvoldoende virtueel geheugen.

ik heb de express XL verbinding van telenet, dus daar kan het niet aan liggen.

virussen mss? te veel rommel op pc?

grtjs

Jean-Pierre · 10 augustus 2010

We zullen eens kijken of malware niet de oorzaak is van het probleem.

Download HiJackThis

Dubbelklik op HJTInstall.exe

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

HijackThis zal openen na het installeren.

Klik op "Do a systemscan and save a logfile".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

N.B. : gebruikers van Windows Vista en Windows 7 zullen eerst moeten rechtsklikken op HijackThis.exe en dan kiezen voor "Run as Administrator".

nbent · 10 augustus 2010

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:38:04, on 10/08/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pac.telenet.be:8080

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

--

End of file - 2051 bytes

btw: ik reageer nu via internet explorer, normaal gebruik ik mozilla, maar daar krijg ik mn bericht niet geplaatst??

kape · 10 augustus 2010

Dit is wel een heel minimaal logje van deze PC ... van rommel is er niet veel te zien. Is dit alles wat er op de PC werkt ? Lijkt me té beperkt te zijn ...

Maar ... er zitten twee antivirusprogramma's (Avira en AVG) op. Deze kunnen elkaar tegenwerken of - op zijn minst - de werking erg vertragen. Kies best voor één van de twee en verwijder de andere met de gepaste Removal Tool.

10 augustus 2010 aangepast door kape

nbent · 10 augustus 2010

het prog van HJT kende ik via via. ik heb die scan eergisteren ook uitgevoerd en dan op fix checked geklikt, candaar dat ik nu maar weinig krijg, kan dit?

heb dat vorig logje wel ff bewaard, zie hieronder:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:49:42, on 9/08/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pac.telenet.be:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [smartVoip] "C:\Program Files\SmartVoip.com\SmartVoip\SmartVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://www.speakychat.info/speakyldr.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://66.252.1.214/talk.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/NET/Import/ImageUploader4.cab

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/net/Import/ImageUploader3.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.de/int/EasyUpload/ImgUploader.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O21 - SSODL: mtklefa - {0F1C3F2F-6231-4376-04AE-C13AE02C92D5} - (no file)

O21 - SSODL: mtklefap - {777A37EF-7EA5-4B99-3583-4B045F4DB811} - (no file)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O24 - Desktop Component 0: (no name) - http://www.babybrabbel.nl/dynban/cyclusbanner/1135292400/28/2.png

O24 - Desktop Component 1: (no name) - http://daisypath.com/ani/060313/3/2/+10/2

O24 - Desktop Component 2: (no name) - http://amin.beebiesite.be/final/home/images/tmp/7959.png

O24 - Desktop Component 3: (no name) - http://www.babybrabbel.nl/dynban/babybanner/1125690000/5/1/1/255/165/165/0/148/206/amin.png

O24 - Desktop Component 4: (no name) - Glitter Graphics - Myspace Comments - Glitter Your Way

O24 - Desktop Component 5: (no name) - Glitter Graphics - Myspace Comments - Glitter Your Way

O24 - Desktop Component 6: (no name) - http://tickers.tickerfactory.com/ezt/d/2;54;28/st/20050902/n/Amin/k/3373/age.png

O24 - Desktop Component 7: (no name) - http://tickers.tickerfactory.com/ezt/d/4;10732;127/st/20060705/e/Marokko/k/7421/event.png

O24 - Desktop Component 8: (no name) - http://daisypath.com/pic/051227/2818ec4.jpg

--

End of file - 9533 bytes

---------- Post toegevoegd om 15:59 ---------- Vorige post was om 15:57 ----------

avg heb ik al lang geleden geinstalleerd maar krijg ik dus niet gedeinstalleerd... kan dit? als i via 'software' dit probeer te verwijderen, krijg ik de melding dat dit niet gaat.

avira staat er sinds maart op. is dit een goed antivirus prog?

alvast dikke merci!

kape · 10 augustus 2010

Alles uitvinken met HijackThis is niet meteen het beste idee ... het is enkel de bedoeling dat je de ongewenste items verwijderd, niet de legitieme.

AVG kan je normaal verwijderen met de AVG Removal Tool.

Je kan best je oude toestand - vóór het (foute) fixen met HijackThis - terugzetten. Start Hijack This op.

Klik rechtsonder op Config.

In het volgende venster bovenin op Backups.

zet nu overal een vinkje voor en klik aan de rechterkant op restore.

10 augustus 2010 aangepast door kape

nbent · 10 augustus 2010

oei, heb ik dan 'noodzakelijke' dingen verwijderd?? :s

kape · 10 augustus 2010

Als je AVG verwijderd hebt en de oude toestand van HijackThis hersteld, mag je dit uitvoeren :

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)

O4 - HKCU\..\Run: [smartVoip] "C:\Program Files\SmartVoip.com\SmartVoip\SmartVoip.exe" -nosplash –minimized

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O21 - SSODL: mtklefa - {0F1C3F2F-6231-4376-04AE-C13AE02C92D5} - (no file)

O21 - SSODL: mtklefap - {777A37EF-7EA5-4B99-3583-4B045F4DB811} - (no file)

O24 - Desktop Component 0: (no name) - http://www.babybrabbel.nl/dynban/cyc...92400/28/2.png

O24 - Desktop Component 1: (no name) - http://daisypath.com/ani/060313/3/2/+10/2

O24 - Desktop Component 2: (no name) - http://amin.beebiesite.be/final/home...s/tmp/7959.png

O24 - Desktop Component 3: (no name) - http://www.babybrabbel.nl/dynban/bab...8/206/amin.png

O24 - Desktop Component 4: (no name) - Glitter Graphics - Myspace Comments - Glitter Your Way

O24 - Desktop Component 5: (no name) - Glitter Graphics - Myspace Comments - Glitter Your Way

O24 - Desktop Component 6: (no name) - http://tickers.tickerfactory.com/ezt...k/3373/age.png

O24 - Desktop Component 7: (no name) - http://tickers.tickerfactory.com/ezt...7421/event.png

O24 - Desktop Component 8: (no name) - http://daisypath.com/pic/051227/2818ec4.jpg

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

---------- Post toegevoegd om 18:17 ---------- Vorige post was om 18:16 ----------

oei, heb ik dan 'noodzakelijke' dingen verwijderd??

Inderdaad ... maar je kan het gelukkig nog herstellen via de backups van HijackThis.

nbent · 10 augustus 2010

LOG MBAM

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4408

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/08/2010 4:10:28

mbam-log-2010-08-09 (04-10-28).txt

Scantype: Snelle scan

Objecten gescand: 131619

Verstreken tijd: 2 uur/uren, 28 minuut/minuten, 5 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 2

Registersleutels geïnfecteerd: 69

Registerwaarden geïnfecteerd: 5

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 49

Bestanden geïnfecteerd: 68

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.

C:\Program Files\Web Search Operator\3.1.0.1840\WSOCommon.dll (Adware.Agent) -> Delete on reboot.

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{dd469a88-316c-441d-b712-783d9b9a6707} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{d28cd14c-50be-4cfa-951e-b37f25da3472} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{d724f038-df89-4a1a-83d1-fd9164b78077} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{502f728b-67b8-409e-bceb-7ee8632f321a} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d2cd81e5-cc37-44b3-93b7-c52cb993ba34} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{da295dae-fce7-4168-bcb8-edc3a433bd97} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ed40af28-f03f-492a-9542-e24945cd65aa} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e6bb8b70-8ad2-43b6-a952-83e462ce80de} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Local AppWizard-Generated Applications\AlertSpy (Rogue.AlertSpy) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Delete on reboot.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\bootstera (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Delete on reboot.

C:\Program Files\Automated Content Enhancer\4.1.0.5190 (Adware.Agent) -> Delete on reboot.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\Data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF (Adware.Agent) -> Delete on reboot.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome (Adware.Agent) -> Delete on reboot.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard\1.1.0.1870 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer (Adware.Agent) -> Delete on reboot.

C:\Program Files\Customized Platform Advancer\3.1.0.1630 (Adware.Agent) -> Delete on reboot.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\Data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF (Adware.Agent) -> Delete on reboot.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome (Adware.Agent) -> Delete on reboot.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Today\1.1.0.1190 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610\data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610\for_anti_av (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610\for_anti_av\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator (Adware.Agent) -> Delete on reboot.

C:\Program Files\Web Search Operator\3.1.0.1840 (Adware.Agent) -> Delete on reboot.

C:\Program Files\Web Search Operator\3.1.0.1840\Data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF (Adware.Agent) -> Delete on reboot.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome (Adware.Agent) -> Delete on reboot.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components (Adware.Agent) -> Delete on reboot.

C:\Documents and Settings\user\Local Settings\Application Data\Automated Content Enhancer (Adware.DoubleD) -> Delete on reboot.

C:\Documents and Settings\user\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190 (Adware.DoubleD) -> Delete on reboot.

C:\Documents and Settings\user\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190 (Adware.DoubleD) -> Files: 797 -> Delete on reboot.

C:\Documents and Settings\user\Local Settings\Application Data\Customized Platform Advancer (Adware.DoubleD) -> Delete on reboot.

C:\Documents and Settings\user\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630 (Adware.DoubleD) -> Delete on reboot.

C:\Documents and Settings\user\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630 (Adware.DoubleD) -> Files: 801 -> Delete on reboot.

C:\Documents and Settings\user\Local Settings\Application Data\HottieStar Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Textual Content Provider (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Textual Content Provider\1.1.0.1610 (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Web Search Operator\3.1.0.1840 (Adware.DoubleD) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.

C:\Program Files\Web Search Operator\3.1.0.1840\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bpssc1.1.dll (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Delete on reboot.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard\1.1.0.1870\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard\1.1.0.1870\config.mx (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard\1.1.0.1870\data.mx (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard\1.1.0.1870\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard\1.1.0.1870\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard\1.1.0.1870\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard\1.1.0.1870\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Content Management Wizard\1.1.0.1870\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Delete on reboot.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Today\1.1.0.1190\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Today\1.1.0.1190\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Today\1.1.0.1190\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Today\1.1.0.1190\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Today\1.1.0.1190\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Today\1.1.0.1190\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Today\1.1.0.1190\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\QuestService\questservice.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Textual Content Provider\1.1.0.1610\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\WSOCommon.dll (Adware.Agent) -> Delete on reboot.

C:\Program Files\Web Search Operator\3.1.0.1840\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Delete on reboot.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data\TP_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data\TP_Data.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data\TP_DomainExcludeList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Application Data\Web Search Operator\3.1.0.1840\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

(had dit ook al eerder gedaan en erna alles gewist)

NIEUWE LOG HJT

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:18:11, on 10/08/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\spider.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pac.telenet.be:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--

End of file - 4613 bytes

groetjes

kape · 10 augustus 2010

Oeps ... behoorlijke berg rotzooi die Malwarebytes heeft opgevist. Is wel een logje van gisteren. Ik neem aan dat je ondertussen de PC al terug opgestart hebt en dat alle items met "delete on reboot" ook zullen verwijderd zijn. Voor alle zekerheid toch even een actueel logje maken, maar eerst dit uitvoeren :

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

En dan een nieuw logje van HijckThis en dat van Malwarebytes in je volgende bericht hangen.

Inloggen

alles supertraag: opstart pc + internet

Aanbevolen berichten

Link naar reactie

Delen op andere sites

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Welkom op PC Helpforum

Leden statistieken

OVER ONS

SITEMAP

Belangrijke informatie