Windows 7 Ultimate startup problem and SUPERAntiSpyware alert

harry
21 Sep, 2012 09:10

Hello

For a few days now I've noticed that my PC is slow to start up.

SUPERAntiSpyware reports time after time that I have pup.b protector and that it keeps coming back.

MBAM reports nothing and avast also says that I have nothing.

For the past 2 days I have temporarily been using Google Chrome as my browser.

A log follows here.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:08:28, on 21-9-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227983

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {72cabc40-64b2-46ed-8648-26d831761150} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: “C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe” /c

O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: Accelerated graphics

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~2\browse~1\22580~1.182\{d1538~1\brwmngr.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

End of file - 8561 bytes

Edited 03 Oct, 2012 09:00
fazantje
21 Sep, 2012 09:45

Hi Harry,

Google Chrome causes problems more often.

I would go with Firefox.

Download AdwCleaner by Xplode here to your Desktop.

Close all open windows.

Right-click AdwCleaner and select Run as administrator…

Then click Delete.

At AdwCleaner – Information, click OK.

At AdwCleaner – Restart Required, click OK.

All icons will disappear from the Desktop; this is normal.

Your PC will be restarted and a log file opens (C:\AdwCleaner.txt); post its contents in your next message, together with a new HijackThis log.

Good luck,

Huib;)

harry
21 Sep, 2012 10:28

I had to restart it myself because it was complaining about the browser.

There is no log on the desktop.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:26:01, on 21-9-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227983

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {72cabc40-64b2-46ed-8648-26d831761150} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {72cabc40-64b2-46ed-8648-26d831761150} - (no file)

O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: “C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe” /c

O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: Accelerated graphics

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~2\browse~1\22580~1.182\{d1538~1\brwmngr.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

End of file - 7912 bytes

harry
21 Sep, 2012 10:32

This is what I get when I press Search … in AdwCleaner.

# AdwCleaner v2.002 - Verslag gemaakt op 09/21/2012 om 10:31:31

# Geactualiseerd op 16/09/2012 door Xplode

# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (32 bits)

# Gebruiker : Gebruiker - GEBRUIK-M9FNQAG

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\Gebruiker\Downloads\adwcleaner.exe

# Optie

***** *****

***** *****

***** *****

Sleutel Aanwezig : HKCU\Software\DataMngr_Toolbar

***** *****

-\\ Internet Explorer v9.0.8112.16421

= hxxp://search.conduit.com?SearchSource=10&ctid=CT3227983

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences

De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner.txt - -

AdwCleaner.txt - -

AdwCleaner.txt - -

AdwCleaner.txt - -

########## EOF - C:\AdwCleaner.txt - ##########

fazantje
21 Sep, 2012 10:35

Hi Harry,

I see that you have gone back to IE instead of Google Chrome.

Normally a log from AdwCleaner would appear, but first we are going to look a bit further.

Download combofix.exe here.

Now disable your virus scanner.

You do this at the bottom right of your taskbar.

If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.

Once the Recovery Console is installed, let ComboFix scan the computer.

When ComboFix starts, you may get an error message that the "contents of the ComboFix package has been compromised".

Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.

If you get this message, report it.

When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.

Be patient and do not assume the scanner has hung.

Depending on the infections, the scan and the creation of the log can take anywhere from 40 minutes up to 1 1/2 hours.

Post the contents of this file together with a new HijackThis log.

Good luck,

Huib;)

harry
22 Sep, 2012 09:52

Sorry for my late reply.

I unexpectedly had to work because a colleague was ill.

I have now put Internet Exploder back on / now updated

and the alert is gone after your tip / ComboFix.

Here is another log to check.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:49:51, on 22-9-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe

C:\Program Files\NewsLeecher\newsLeecher.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: Accelerated graphics

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

End of file - 7395 bytes

fazantje
22 Sep, 2012 10:12

Hi Harry,

I would still like to see the ComboFix log.

You can find it at:

C:\ComboFix.txt

Regards, Huib;)

harry
22 Sep, 2012 12:42

ComboFix 12-09-20.03 - Gebruiker 21-09-2012 18:39:51.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.1791.1019

Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Gebruiker\AppData\Roaming\inst.exe

c:\users\Gebruiker\AppData\Roaming\vso_ts_preview.xml

c:\users\Gebruiker\Favorites\Videos.url

c:\users\Gebruiker\Internet Explorer.lnk

c:\windows\system32\Thumbs.db

.

Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-21 to 2012-09-21 ))))))))))))))))))))))))))))))

.

.

2012-09-21 16:59 . 2012-09-21 17:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp

2012-09-21 16:59 . 2012-09-21 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-21 08:37 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A20D0E2-0718-4289-BED3-2B134930B360}\mpengine.dll

2012-09-21 08:21 . 2012-09-21 08:21 46 ----a-w- c:\windows\DeleteOnReboot.bat

2012-09-21 07:48 . 2012-09-21 07:48 102400 ----a-w- c:\windows\RegBootClean.exe

2012-09-21 07:44 . 2010-01-10 16:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-09-21 07:43 . 2012-09-21 07:47 -------- d-----w- c:\program files\SpywareBlaster

2012-09-21 05:08 . 2012-09-21 05:08 -------- d-----w- c:\program files\ESET

2012-09-20 15:25 . 2012-09-20 15:25 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Registry Mechanic

2012-09-20 15:00 . 2008-04-02 13:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

2012-09-20 15:00 . 2008-04-02 13:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

2012-09-20 15:00 . 2008-04-02 13:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx

2012-09-20 15:00 . 2012-08-21 12:44 38560 ----a-w- c:\windows\system32\CleanMFT32.exe

2012-09-20 15:00 . 2008-09-17 19:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX

2012-09-20 15:00 . 2012-08-21 12:44 513696 ----a-w- c:\windows\system32\msxml.dll

2012-09-20 15:00 . 2012-09-20 15:00 -------- d-----w- c:\program files\Common Files\PC Tools

2012-09-20 15:00 . 2012-09-20 15:00 -------- d-----w- c:\program files\PC Tools

2012-09-20 14:57 . 2012-09-20 14:57 -------- d-----w- c:\programdata\PC Tools

2012-09-20 14:57 . 2012-09-20 14:57 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Product_RM

2012-09-19 07:44 . 2012-09-19 07:44 -------- d-----w- c:\windows\system32\searchplugins

2012-09-19 07:44 . 2012-09-19 07:44 -------- d-----w- c:\windows\system32\Extensions

2012-09-17 14:12 . 2012-09-17 14:20 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Belastingdienst

2012-09-17 14:12 . 2012-09-17 14:12 -------- d-----w- c:\program files\Belastingdienst

2012-09-15 06:06 . 2012-09-15 08:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\QuickScan

2012-09-14 10:24 . 2012-09-14 10:24 -------- d-----w- c:\users\Gebruiker\AppData\Local\Zylom

2012-09-14 10:23 . 2012-09-14 10:23 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Zylom

2012-09-14 10:22 . 2012-09-14 10:22 -------- d-----w- c:\programdata\Zylom

2012-09-14 10:05 . 2012-09-14 10:05 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\rokapublish

2012-09-12 16:54 . 2012-09-12 16:54 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Seven Sails

2012-09-12 08:26 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 08:26 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 08:26 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 08:26 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 08:26 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-12 08:25 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-09 12:15 . 2012-09-09 12:15 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Wildfire

2012-09-09 12:09 . 2012-09-09 12:09 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Princess Isabella

2012-09-07 17:54 . 2012-09-07 17:55 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Akhra

2012-09-07 17:45 . 2012-09-07 17:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\TOMI2.THE GATES OF FATE

2012-09-06 07:47 . 2012-09-13 06:46 -------- d-----w- c:\users\Gebruiker\AppData\Local\QuickPar

2012-09-06 07:46 . 2012-09-06 07:46 -------- d-----w- c:\program files\QuickPar

2012-09-02 08:10 . 2012-09-02 08:10 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Friday's games

2012-08-31 18:06 . 2012-08-31 18:06 -------- d-----w- c:\programdata\SpinTop Games

2012-08-31 18:04 . 2012-09-14 10:22 -------- d-----w- c:\program files\Zylom Games

2012-08-31 17:26 . 2012-08-31 17:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-30 14:44 . 2012-08-30 14:44 -------- d-----w- c:\program files\Yamicsoft

2012-08-29 14:57 . 2012-08-29 15:09 -------- d-----w- c:\users\Gebruiker\Orchestral Manoeuvres In The Dark - The Best Of OMD

2012-08-29 14:57 . 2012-08-29 15:09 -------- d-----w- c:\users\Gebruiker\hits andclips greatesthits16

2012-08-29 08:02 . 2012-08-29 08:42 -------- d-----w- c:\users\Gebruiker\AppData\Local\Pirate

2012-08-27 15:47 . 2012-08-27 15:47 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com

2012-08-27 15:47 . 2012-09-08 15:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-27 09:53 . 2012-08-27 09:53 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\AnySend

2012-08-27 09:53 . 2012-08-27 09:54 -------- d-----w- c:\programdata\AnySend

2012-08-26 07:30 . 2012-08-26 07:30 -------- d-----w- c:\program files\FileConverter_1.4

2012-08-24 17:24 . 2012-08-24 17:24 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\GameDevo

2012-08-24 16:49 . 2012-08-24 16:49 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\JoyBits

2012-08-24 16:47 . 2012-08-24 16:47 -------- d-----w- c:\users\Gebruiker\AppData\Local\MumboJumbo

2012-08-24 16:45 . 2012-08-24 16:46 -------- d-----w- c:\program files\Luxor Amun Rising HD

2012-08-24 07:45 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2012-08-24 07:44 . 2012-08-24 07:44 -------- d-----w- c:\program files\Panda Security

2012-08-24 05:47 . 2012-08-24 05:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-07 15:04 . 2012-06-10 12:29 22856 —-a-w- c:\windows\system32\drivers\mbam.sys

2012-09-02 05:32 . 2012-06-10 09:17 73416 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-02 05:32 . 2012-06-10 09:17 696520 —-a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-31 17:26 . 2012-06-10 16:57 821736 —-a-w- c:\windows\system32\npdeployJava1.dll

2012-08-31 17:26 . 2012-06-10 12:58 746984 —-a-w- c:\windows\system32\deployJava1.dll

2012-08-21 09:13 . 2012-06-08 19:39 355632 —-a-w- c:\windows\system32\drivers\aswSP.sys

2012-08-21 09:13 . 2012-06-08 19:38 729752 —-a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:13 . 2012-06-08 19:38 54232 —-a-w- c:\windows\system32\drivers\aswTdi.sys

2012-08-21 09:13 . 2012-06-08 19:38 44784 —-a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-08-21 09:13 . 2012-06-08 19:38 58680 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-08-21 09:13 . 2012-06-08 19:39 21256 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-08-21 09:12 . 2012-06-08 19:38 41224 —-a-w- c:\windows\avastSS.scr

2012-08-21 09:12 . 2012-06-08 19:37 227648 —-a-w- c:\windows\system32\aswBoot.exe

2012-07-23 13:59 . 2012-06-10 13:13 22400 —-a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-07-18 17:47 . 2012-08-15 04:18 2345984 —-a-w- c:\windows\system32\win32k.sys

2012-07-04 21:14 . 2012-08-15 04:18 102912 —-a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-15 04:18 41984 —-a-w- c:\windows\system32\browcli.dll

2012-06-29 00:16 . 2012-08-15 04:27 1800704 —-a-w- c:\windows\system32\jscript9.dll

2012-06-29 00:09 . 2012-08-15 04:27 1129472 —-a-w- c:\windows\system32\wininet.dll

2012-06-29 00:08 . 2012-08-15 04:27 1427968 —-a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 00:04 . 2012-08-15 04:27 142848 —-a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 00:00 . 2012-08-15 04:27 2382848 —-a-w- c:\windows\system32\mshtml.tlb

2012-06-26 12:26 . 2012-06-26 12:26 47360 —-a-w- c:\users\Gebruiker\AppData\Roaming\pcouffin.sys

2012-05-04 07:04 . 2012-05-04 07:04 2174976 —-a-w- c:\program files\Common Files\atimpenc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

@=“{472083B0-C522-11CF-8763-00608CC02F24}”

2012-08-21 09:12 121528 —-a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

.

“avast”=“c:\program files\AVAST Software\Avast\avastUI.exe”

.

“ConsentPromptBehaviorAdmin”= 0 (0x0)

“ConsentPromptBehaviorUser”= 0 (0x0)

“EnableLUA”= 0 (0x0)

“EnableUIADesktopToggle”= 0 (0x0)

“PromptOnSecureDesktop”= 0 (0x0)

.

“NoResolveTrack”= 1 (0x1)

.

“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL”

.

2011-05-04 17:54 551296 —-a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

“aux”=wdmaud.drv

.

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

@=“”

.

backup=c:\windows\pss\OpenOffice.org 3.3 .lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp

.

2012-07-27 20:51 919008 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

2012-05-28 13:56 288128 —-a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe

.

2012-05-30 18:06 59280 —-a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

2010-03-13 12:54 91520 —-a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

2012-06-07 17:33 421776 —-a-w- c:\program files\iTunes\iTunesHelper.exe

.

2012-03-08 16:50 4280184 —-a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

2012-08-21 12:43 105120 —-a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

.

2012-07-03 07:04 252848 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

R3 c2wts;Claims voor Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

S1 aswSnx;aswSnx;

S1 aswSP;aswSP;

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe

S2 aswFsBlk;aswFsBlk;

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys

.

.

— Andere Services/Drivers In Geheugen —

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de ‘Gedeelde Taken’ map

.

2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

.

2012-09-21 c:\windows\Tasks\DriverScanner.job

- c:\program files\Uniblue\DriverScanner\dsmonitor.exe

.

2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453345529-432745293-659397266-1000Core.job

- c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe

.

2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453345529-432745293-659397266-1000UA.job

- c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe

.

2012-09-21 c:\windows\Tasks\RMAutoUpdate.job

- c:\program files\PC Tools\PC Tools Registry Mechanic\SULauncher.exe

.

2012-09-21 c:\windows\Tasks\RMSchedule.job

- c:\program files\PC Tools\PC Tools Registry Mechanic\RegMech.exe

.

.

——- Bijkomende Scan ——-

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227983

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{72cabc40-64b2-46ed-8648-26d831761150} - (no file)

Toolbar-Locked - (no file)

Toolbar-{72cabc40-64b2-46ed-8648-26d831761150} - (no file)

WebBrowser-{72CABC40-64B2-46ED-8648-26D831761150} - (no file)

.

.

.

——————— VERGRENDELDE REGISTER SLEUTELS ———————

.

@Denied: (2) (LocalSystem)

.

@Denied: (2) (LocalSystem)

“Timestamp”=hex:60,cc,52,1d,94,73,cd,01

.

@Denied: (2) (LocalSystem)

“88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977”=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,73,8b,e1,74,af,dc,41,b5,07,4f,\

“2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81”=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,73,8b,e1,74,af,dc,41,b5,07,4f,\

.

@Denied: (A 2) (Everyone)

@=“FlashBroker”

“LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101”

.

“Enabled”=dword:00000001

.

@=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe”

.

@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

.

@Denied: (A 2) (Everyone)

@=“IFlashBroker5”

.

@=“{00020424-0000-0000-C000-000000000046}”

.

@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

“Version”=“1.0”

.

@Denied: (Full) (Everyone)

.

———————— Andere Aktieve Processen ————————

.

c:\windows\system32\nvvsvc.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\taskhost.exe

c:\program files\IObit\Advanced SystemCare 5\ASCTooltips.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2012-09-21 19:09:04 - machine werd herstart

ComboFix-quarantined-files.txt 2012-09-21 17:09

.

Pre-Run: 111.413.714.944 bytes beschikbaar

Post-Run: 111.151.415.296 bytes beschikbaar

.

- - End Of File - - 3C1D3A25FF8ADF9875DE46C36ECD1FFE

harry
23 Sep, 2012 08:47

I don't have them anymore… no more spyware or anything like that.

How was my log?

Regards and thanks

This topic is closed; no more replies can be posted.