That means nothing to me, tell me more….
I'm from Holland and don't use a proxy, hide-IP or anything like that
Hello glenn,
1. Start HijackThis;
Right-click the HijackThis program and choose “Run as Administrator”
Choose ‘Do a system scan only’.
Select all the lines listed below:
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B7DDEE-EA59-47B0-9C9C-C51672A8F138}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{77BF9EC4-708F-44E9-8305-D33291DCA91A}: NameServer = 8.26.56.26,156.154.70.22
Close all open windows (except HijackThis), then click Fix checked and confirm by clicking Yes in the next screen.
2. Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< you can read how to use ComboFix.
1. Disable all antivirus and antispyware programs, because otherwise they can interfere with each other.
Avast
•Right-click the Avast icon at the bottom right.
•Click Avast shields settings.
And then you can disable Avast.
2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running, as this can cause the ‘tool’ to hang.
* Note !!! If an error is shown with the message “Illegal operation attempted on a registery key that has been marked for deletion.”, restart the computer.
5. When ComboFix is finished, it will create a log file for you.
It may take some time before the ComboFix log appears, so don't assume it has crashed.
Post the contents of this log file (found at C:\ComboFix.txt) in your next message together with a new HijackThis log.
Regards, Ben
I can't get rid of these 2 by any means, whatever I try
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B7DDEE-EA59-47B0-9C9C-C51672A8F138}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{77BF9EC4-708F-44E9-8305-D33291DCA91A}: NameServer = 8.26.56.26,156.154.70.22
and ComboFix doesn't work
regards
Sorry Ben
a bit late, but ComboFix needed time
P.S. I left my name out
ComboFix 12-01-13.03 - 13-01-2012 23:00:06.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1791.817
Gestart vanuit: c:\users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HSJT12F\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\\AppData\Roaming\Czuauc.exe
c:\users\\AppData\Roaming\inst.exe
c:\users\\AppData\Roaming\mkOEHGtpUt.txt
c:\users\\AppData\Roaming\vNikXSkTNN.txt
c:\users\\AppData\Roaming\vso_ts_preview.xml
c:\users\\AppData\Roaming\wienbsade.exe
c:\users\\vlc-1.1.11-win32.exe
c:\windows\IsUn0413.exe
c:\windows\system32\system
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-13 to 2012-01-13 ))))))))))))))))))))))))))))))
.
.
2012-01-13 22:19 . 2012-01-13 22:19 ——– d—–w- c:\users\\AppData\Local\temp
2012-01-13 22:19 . 2012-01-13 22:19 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-13 22:19 . 2012-01-13 22:19 ——– d—–w- c:\users\Default\AppData\Local\temp
2012-01-13 21:50 . 2012-01-13 21:50 56200 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6358D95B-CC4B-408A-A6AD-0DDD81FA4CB8}\offreg.dll
2012-01-13 20:18 . 2012-01-13 20:18 388096 —-a-r- c:\users\\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-13 19:00 . 2012-01-13 19:00 ——– d—–w- c:\users\\AppData\Roaming\Nend Software
2012-01-13 19:00 . 2010-01-06 12:13 506368 —-a-w- c:\windows\system32\sqlite3.dll
2012-01-13 19:00 . 2012-01-13 19:00 ——– d—–w- c:\program files\Nend Software
2012-01-13 17:08 . 2012-01-13 17:08 ——– d—–w- c:\users\AppData\Roaming\Crown
2012-01-13 17:08 . 2012-01-13 17:08 ——– d—–w- c:\programdata\Crown
2012-01-13 17:07 . 2011-11-21 10:47 6823496 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6358D95B-CC4B-408A-A6AD-0DDD81FA4CB8}\mpengine.dll
2012-01-13 16:37 . 2012-01-13 16:46 ——– d—–w- c:\users\\AppData\Roaming\thecleaner
2012-01-12 16:10 . 2012-01-12 16:10 ——– d—–w- c:\users\\AppData\Roaming\DriverDokterSoftware
2012-01-12 16:10 . 2012-01-12 16:10 ——– d—–w- c:\users\\AppData\Roaming\DeviceDoctorSoftware
2012-01-11 16:21 . 2011-11-17 06:48 440192 —-a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 16:21 . 2011-11-16 16:23 278528 —-a-w- c:\windows\system32\schannel.dll
2012-01-11 16:21 . 2011-11-16 16:21 1259008 —-a-w- c:\windows\system32\lsasrv.dll
2012-01-11 16:21 . 2011-11-16 16:23 377344 —-a-w- c:\windows\system32\winhttp.dll
2012-01-11 16:21 . 2011-11-16 16:23 72704 —-a-w- c:\windows\system32\secur32.dll
2012-01-11 16:21 . 2011-11-16 14:12 9728 —-a-w- c:\windows\system32\lsass.exe
2012-01-11 14:23 . 2011-10-14 16:03 189952 —-a-w- c:\windows\system32\winmm.dll
2012-01-11 14:23 . 2011-10-14 16:00 23552 —-a-w- c:\windows\system32\mciseq.dll
2012-01-11 14:23 . 2011-11-18 20:23 1205064 —-a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:23 . 2011-11-18 17:47 66560 —-a-w- c:\windows\system32\packager.dll
2012-01-11 14:23 . 2011-11-25 15:59 376320 —-a-w- c:\windows\system32\winsrv.dll
2012-01-11 14:23 . 2011-12-01 15:21 2409784 —-a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 14:23 . 2011-10-25 15:58 1314816 —-a-w- c:\windows\system32\quartz.dll
2012-01-11 14:23 . 2011-10-25 15:58 497152 —-a-w- c:\windows\system32\qdvd.dll
2012-01-10 17:58 . 2012-01-10 17:58 ——– d—–w- c:\users\\AppData\Roaming\Alawar Entertainment
2012-01-07 15:44 . 2012-01-07 15:44 ——– d—–w- c:\users\\AppData\Roaming\PlayPond
2012-01-06 19:03 . 2012-01-06 19:03 ——– d—–w- c:\users\\AppData\Roaming\Boolat Games
2012-01-01 14:27 . 2011-10-19 21:16 20312 —-a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-29 11:55 . 2011-12-29 11:55 ——– d—–w- c:\users\\AppData\Roaming\game
2011-12-29 11:32 . 2012-01-06 18:50 ——– d—–w- c:\program files\Hidden World of Art - NL
2011-12-29 11:31 . 2012-01-06 18:49 ——– d—–w- c:\program files\Hidden World of Art 2 - NL
2011-12-28 19:54 . 2011-12-28 19:54 ——– d—–w- c:\users\\AppData\Roaming\Playrix Entertainment
2011-12-28 19:18 . 2011-12-28 19:18 ——– d—–w- c:\users\\AppData\Roaming\Frozen Kingdom
2011-12-28 11:41 . 2011-12-28 11:41 ——– d—–w- c:\program files\Macabre Mysteries - Curse of the Nightingale
2011-12-25 09:47 . 2011-12-25 09:47 ——– d—–w- c:\users\\AppData\Roaming\DVD Flick
2011-12-25 09:46 . 2003-01-26 12:41 40960 —-a-w- c:\windows\system32\ssubtmr6.dll
2011-12-25 09:46 . 2008-08-31 12:27 28672 —-a-w- c:\windows\system32\mousewheel.ocx
2011-12-25 09:46 . 2007-08-31 17:36 36864 —-a-w- c:\windows\system32\trayicon_handler.ocx
2011-12-25 09:46 . 2004-03-08 23:00 662288 —-a-w- c:\windows\system32\mscomct2.ocx
2011-12-25 09:46 . 2004-03-08 23:00 609824 —-a-w- c:\windows\system32\comctl32.ocx
2011-12-25 09:46 . 2004-03-08 23:00 212240 —-a-w- c:\windows\system32\richtx32.ocx
2011-12-25 09:46 . 1998-06-23 23:00 164144 —-a-w- c:\windows\system32\comct232.ocx
2011-12-25 09:46 . 2011-12-25 09:46 ——– d—–w- c:\program files\DVD Flick
2011-12-20 18:31 . 2011-12-20 18:31 ——– d—–w- c:\users\\AppData\Roaming\gogii
2011-12-20 18:31 . 2011-12-20 18:31 ——– d—–w- c:\programdata\gogii
2011-12-18 10:37 . 2011-12-18 10:37 ——– d—–w- c:\users\AppData\Roaming\Casual Arts
2011-12-18 10:37 . 2011-12-18 10:37 ——– d—–w- c:\programdata\Casual Arts
2011-12-16 18:21 . 2011-12-16 18:21 ——– d—–w- c:\programdata\PDVD
2011-12-16 18:20 . 2011-12-16 18:20 ——– d—–w- c:\users\\AppData\Local\MediaServer
2011-12-16 18:16 . 2011-12-16 18:17 ——– d—–w- c:\programdata\install_clap
2011-12-16 05:25 . 2011-12-16 05:25 637848 —-a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 05:25 . 2010-04-17 05:55 567184 —-a-w- c:\windows\system32\deployJava1.dll
2011-12-10 14:24 . 2010-06-25 10:59 20464 —-a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 08:50 . 2011-12-07 08:49 253952 ——w- c:\windows\Setup1.exe
2011-12-07 08:50 . 2011-12-07 08:49 74752 —-a-w- c:\windows\ST6UNST.EXE
2011-11-28 18:01 . 2011-12-01 14:59 41184 —-a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-01 14:59 199816 —-a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-12-01 15:00 435032 —-a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-01 15:00 314456 —-a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-12-01 15:00 34392 —-a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-01 15:00 52952 —-a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-01 15:00 55128 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-12-01 15:00 20568 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-23 16:27 . 2011-11-23 16:27 161792 —-a-w- c:\windows\system32\msls31.dll
2011-11-23 16:27 . 2011-11-23 16:27 76800 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-23 16:27 . 2011-11-23 16:27 74752 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-23 16:27 . 2011-11-23 16:27 86528 —-a-w- c:\windows\system32\iesysprep.dll
2011-11-23 16:27 . 2011-11-23 16:27 63488 —-a-w- c:\windows\system32\tdc.ocx
2011-11-23 16:27 . 2011-11-23 16:27 48640 —-a-w- c:\windows\system32\mshtmler.dll
2011-11-23 16:27 . 2011-11-23 16:27 367104 —-a-w- c:\windows\system32\html.iec
2011-11-23 16:27 . 2011-11-23 16:27 74752 —-a-w- c:\windows\system32\iesetup.dll
2011-11-23 16:27 . 2011-11-23 16:27 23552 —-a-w- c:\windows\system32\licmgr10.dll
2011-11-23 16:27 . 2011-11-23 16:27 152064 —-a-w- c:\windows\system32\wextract.exe
2011-11-23 16:27 . 2011-11-23 16:27 150528 —-a-w- c:\windows\system32\iexpress.exe
2011-11-23 16:27 . 2011-11-23 16:27 420864 —-a-w- c:\windows\system32\vbscript.dll
2011-11-23 16:27 . 2011-11-23 16:27 142848 —-a-w- c:\windows\system32\ieUnatt.exe
2011-11-23 16:27 . 2011-11-23 16:27 11776 —-a-w- c:\windows\system32\mshta.exe
2011-11-23 16:27 . 2011-11-23 16:27 101888 —-a-w- c:\windows\system32\admparse.dll
2011-11-23 16:27 . 2011-11-23 16:27 35840 —-a-w- c:\windows\system32\imgutil.dll
2011-11-23 16:27 . 2011-11-23 16:27 110592 —-a-w- c:\windows\system32\IEAdvpack.dll
2011-11-23 13:37 . 2011-12-14 14:38 2043904 —-a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-14 14:38 2048 —-a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 20:49 1798144 —-a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 20:49 1427456 —-a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 20:49 1127424 —-a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 20:49 2382848 —-a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-14 14:38 3602816 —-a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-14 14:38 3550080 —-a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-14 14:38 49152 —-a-w- c:\windows\system32\csrsrv.dll
2011-10-25 14:42 . 2011-10-25 14:38 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-17 13:43 . 2009-05-16 19:10 362240 —-a-w- c:\windows\system32\TuneUpDefragService.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@=“{472083B0-C522-11CF-8763-00608CC02F24}”
2011-11-28 18:01 122512 —-a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”
“Advanced SystemCare 5”=“c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe”
.
“RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe”
“avast”=“c:\program files\AVAST Software\Avast\avastUI.exe”
.
“AvgUninstallURL”=“start http://www.avg.com/nl.special-uninstallation-feedback-app?lic=OE1FSC1SNk8yUC1WWUtYUy1CQVlXUi1DRTdYWS1XRU1CUg&inst=NzYtOTQ1ODYzNDI0LVQ1LUJBKzEtS1YzKzctWEwrMS1CNC1YTzM2KzEtRDM4MUwrNy1OMUQrMS1QTCs5LUNJUCsyLUREVCswLUk5MCsxLUREOTArMS1TVDkwQV”
“NoIE4StubProcessing”=“c:\windows\system32\reg.exe DELETE HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components”
“*Restore”=“c:\windows\System32\rstrui.exe”
“Malwarebytes Anti-Malware”=“c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe”
.
“EnableUIADesktopToggle”= 0 (0x0)
“HideFastUserSwitching”= 0 (0x0)
.
“AppInit_DLLs”=c:\windows\System32\guard32.dll
.
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup
.
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTD Watchdog Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAIDstP Jmicron Corp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wiodsnhashd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zesko_McciTrayApp
.
2007-01-18 12:03 79416 —-a-w- c:\program files\Packard Bell\FIJI\ABoard.exe
.
2011-06-06 10:55 937920 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
2011-11-12 09:42 1647448 —-a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
2011-09-27 06:22 59240 —-a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
2010-03-13 13:54 91520 —-a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
2011-11-12 23:24 421736 —-a-w- c:\program files\iTunes\iTunesHelper.exe
.
2011-12-24 16:50 981680 —-a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
2011-12-24 16:50 981680 —-a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
2010-07-01 10:43 220336 ——w- c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe
.
2010-04-16 21:12 3872080 —-a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
2010-03-26 14:10 2114808 —-a-w- c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe
.
2010-09-30 09:47 93360 ——w- c:\program files\Olympus\ib\olycamdetect.exe
.
2010-11-29 15:38 421888 —-a-w- c:\program files\VistaCodecPack\QT\QTTask.exe
.
2011-09-14 13:48 230696 —-a-w- c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe
.
2011-09-30 11:19 252296 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” /background
“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\daemon.exe” -autorun
“WMPNSCFG”=c:\program files\Windows Media Player\WMPNSCFG.exe
“Czuauc”=c:\users\\AppData\Roaming\Czuauc.exe
.
“HP Software Update”=c:\program files\HP\HP Software Update\HPWuSchd2.exe
“NvMediaCenter”=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
“toolbar_eula_launcher”=c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
“c:\windows\system32\V0260Ext.ax”=c:\windows\system32\RegSvr32.exe /s c:\windows\system32\V0260Ext.ax
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”
“QuickTime Task”=“c:\program files\VistaCodecPack\QT\QTTask.exe” -atboottime
.
“DisableMonitoring”=dword:00000001
.
“DisableMonitoring”=dword:00000001
.
“DisableMonitoring”=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe
.
.
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc
.
2009-03-04 15:32 8192 —-a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhoud van de ‘Gedeelde Taken’ map
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2009-11-13 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.startpagina.nl/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: ziggo.nl\thuishelp
TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
TCP: Interfaces\{44B7DDEE-EA59-47B0-9C9C-C51672A8F138}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{77BF9EC4-708F-44E9-8305-D33291DCA91A}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-ctfupd - (no file)
MSConfigStartUp-Czuauc - c:\users\\appdata\roaming\czuauc.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 23:19
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
.
C:\## aswSnx private storage
.
Scan succesvol afgerond
verborgen bestanden: 1
.
**************************************************************************
.
“ImagePath”=“\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
“OODEFRAG12.00.00.01PROFESSIONAL”=“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”
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
“MSCurrentCountry”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
“MSCurrentCountry”=dword:00000000
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > ‘winlogon.exe’(868)
c:\windows\system32\guard32.dll
.
- - - - - - - > ‘lsass.exe’(776)
c:\windows\system32\guard32.dll
.
Voltooingstijd: 2012-01-13 23:24:46
ComboFix-quarantined-files.txt 2012-01-13 22:24
.
Pre-Run: 147.020.570.624 bytes beschikbaar
Post-Run: 146.961.772.544 bytes beschikbaar
.
- - End Of File - - 1078AC1E69873AA29FCAA55E7DE8EED4
log as promised
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:42:36, on 13-1-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\TuneUp Utilities 2011\OneClick.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui
O4 - HKLM\..\RunOnce: C:\Windows\system32\reg.exe DELETE “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” /v “NoIE4StubProcessing” /f
O4 - HKLM\..\RunOnce: cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-app?lic=OE1FSC1SNk8yUC1WWUtYUy1CQVlXUi1DRTdYWS1XRU1CUg“&”inst=NzYtOTQ1ODYzNDI0LVQ1LUJBKzEtS1YzKzctWEwrMS1CNC1YTzM2KzEtRDM4MUwrNy1OMUQrMS1QTCs5LUNJUCsyLUREVCswLUk5MCsxLUREOTArMS1TVDkwQV
O4 - HKLM\..\RunOnce: C:\Windows\System32\rstrui.exe /runonce
O4 - HKLM\..\RunOnce: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: “C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe” /AutoStart
O4 - HKUS\S-1-5-21-1844289585-2998590225-2314192525-1004\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘UpdatusUser’)
O4 - HKUS\S-1-5-21-1844289585-2998590225-2314192525-1004\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘UpdatusUser’)
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O11 - Options group: Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
–
End of file - 7525 bytes
Where shall I begin
this morning I start up the PC … once it has started, 2 messages right away: activboard application has stopped working, and that DOS window with c users my name appdata roaming czuauc.exe
the internet is / was down and I can't get my avast working anymore ( file system shield provider not found )
the PC takes a very long time to start up, and once it has started it takes a good 10 minutes before I have a connection
here is a log
hijack and malwarebytes
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Databaseversie: v2012.01.14.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
:: PC_VAN_
14-1-2012 9:35:44
mbam-log-2012-01-14 (09-35-44).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 232592
Verstreken tijd: 11 minuut/minuten, 10 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
–
End of file - 7525 bytes
Hello glenn,
Are you still having trouble with the Babylon Toolbar? I can't find it anywhere. Or have you already disabled the toolbar in your browser?
1. Do you still have Adaware on your PC? If so, remove it.
(it has been taken over by a dubious company)
First remove, from: C - Control Panel - Programs and Features: (if present)
Adaware
Ad-Watch
2. Start HijackThis;
Right-click the HijackThis program and choose “Run as administrator”
Choose ‘Do a system scan only’.
Select all the lines listed below.
O4 - HKLM\..\RunOnce: C:\Windows\system32\reg.exe DELETE “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” /v “NoIE4StubProcessing” /f
Close all open windows (except HijackThis), then click Fix checked and confirm by clicking Yes in the next screen.
3.* IMPORTANT !!! Save ComboFix.exe to your Desktop.
You didn't do this; put ComboFix on your Desktop first now !!!!
Open Notepad, copy and paste the following (bold, blue text) into an empty window:
Registry::
“Czuauc”=“-”
Save this to your Desktop as CFScript.txt
Now disable all antivirus and antispyware programs.
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will make ComboFix restart.
Reboot if you are asked to,
4. After that, run an online scan Here.
5. Then post the logs from:
Combo.txt
The online scanner
And a new HijackThis
Regards, Ben
hello ben
I now have AVG on my PC again../ reason known, previous log
Adaware
Ad-Watch
I can't find these 2 anywhere
and I can't find this line in hijack
O4 - HKLM\..\RunOnce: C:\Windows\system32\reg.exe DELETE “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” /v “NoIE4StubProcessing” /f
I'm doing the online scan now
you'll hear from me
thanks