Windows 7 Ultimate startup problem and SUPERAntiSpyware alert

  • harry

    Hello,

    For a few days now I have noticed that my PC is slow to start up.

    SUPERAntiSpyware reports time after time that I have pup.b protector and that it keeps coming back.

    MBAM reports nothing and avast also says that I have nothing.

    For the past 2 days I have temporarily been using Google Chrome as my browser.

    Here is a log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:08:28, on 21-9-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16448)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.exe

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227983

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {72cabc40-64b2-46ed-8648-26d831761150} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: “C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - AppInit_DLLs: c:\progra~2\browse~1\22580~1.182\{d1538~1\brwmngr.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.580.182\{d1538445-ebd9-4c43-882a-854eff8d928c}\brwmngr.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

    End of file - 8561 bytes

  • fazantje

    Hi Harry,

    Google Chrome causes problems more often.

    I would go with Firefox.

    Download AdwCleaner by Xplode here to your Desktop.

    Close all open windows.

    Right-click AdwCleaner and select Run as administrator…

    Then click Delete.

    At AdwCleaner – Information, click OK.

    At AdwCleaner – Restart Required, click OK.

    All icons will disappear from the Desktop; this is normal.

    Your PC will be restarted and a log file will open (C:\AdwCleaner.txt). Post its contents in your next message, together with a new HijackThis log.

    Good luck,

    Huib;)

  • harry

    I had to restart it myself because it kept complaining about the browser.

    There is no log on the Desktop.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:26:01, on 21-9-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16448)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227983

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {72cabc40-64b2-46ed-8648-26d831761150} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: (no name) - {72cabc40-64b2-46ed-8648-26d831761150} - (no file)

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: “C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - AppInit_DLLs: c:\progra~2\browse~1\22580~1.182\{d1538~1\brwmngr.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

    End of file - 7912 bytes

  • harry

    This is what I get when I press Search … in AdwCleaner:

    # AdwCleaner v2.002 - Verslag gemaakt op 09/21/2012 om 10:31:31

    # Geactualiseerd op 16/09/2012 door Xplode

    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (32 bits)

    # Gebruiker : Gebruiker - GEBRUIK-M9FNQAG

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Gebruiker\Downloads\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    ***** *****

    Sleutel Aanwezig : HKCU\Software\DataMngr_Toolbar

    ***** *****

    -\\ Internet Explorer v9.0.8112.16421

    = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227983

    -\\ Google Chrome v21.0.1180.89

    File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences

    De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

  • fazantje

    Hi Harry,

    I see you have gone back to IE instead of Google Chrome.

    Normally a log from AdwCleaner would appear, but let's first look a bit further.

    Download combofix.exe here.

    Now disable your virus scanner.

    You do this at the bottom right of your taskbar.

    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.

    Once the Recovery Console is installed, let ComboFix scan the computer.

    When ComboFix starts, you may get an error message that the “contents of the ComboFix package has been compromised”.

    Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.

    If you get this message, report it.

    When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.

    Be patient and do not assume the scanner has hung.

    Depending on the infections, the scan time and the creation of the log can easily vary from 40 minutes to as much as 1 1/2 hours.

    Post the contents of this file together with a new HijackThis log.

    Good luck,

    Huib;)

  • harry

    Sorry for my late reply.

    I unexpectedly had to work because a colleague was ill.

    I have now put internet exploder back on it / now update

    and the alert is gone after your tip / ComboFix.

    Here is another log to check:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:49:51, on 22-9-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16450)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe

    C:\Program Files\NewsLeecher\newsLeecher.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

    End of file - 7395 bytes

  • fazantje

    Hi Harry,

    I would still like to see the log from Combo.

    You can find it at:

    C:\ComboFix.txt

    Regards, Huib;)

  • harry

    ComboFix 12-09-20.03 - Gebruiker 21-09-2012 18:39:51.1.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.1791.1019

    Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Gebruiker\AppData\Roaming\inst.exe

    c:\users\Gebruiker\AppData\Roaming\vso_ts_preview.xml

    c:\users\Gebruiker\Favorites\Videos.url

    c:\users\Gebruiker\Internet Explorer.lnk

    c:\windows\system32\Thumbs.db

    .

    Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-21 to 2012-09-21 ))))))))))))))))))))))))))))))

    .

    .

    2012-09-21 16:59 . 2012-09-21 17:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp

    2012-09-21 16:59 . 2012-09-21 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-21 08:37 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A20D0E2-0718-4289-BED3-2B134930B360}\mpengine.dll

    2012-09-21 08:21 . 2012-09-21 08:21 46 ----a-w- c:\windows\DeleteOnReboot.bat

    2012-09-21 07:48 . 2012-09-21 07:48 102400 ----a-w- c:\windows\RegBootClean.exe

    2012-09-21 07:44 . 2010-01-10 16:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

    2012-09-21 07:43 . 2012-09-21 07:47 -------- d-----w- c:\program files\SpywareBlaster

    2012-09-21 05:08 . 2012-09-21 05:08 -------- d-----w- c:\program files\ESET

    2012-09-20 15:25 . 2012-09-20 15:25 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Registry Mechanic

    2012-09-20 15:00 . 2008-04-02 13:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

    2012-09-20 15:00 . 2008-04-02 13:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

    2012-09-20 15:00 . 2008-04-02 13:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx

    2012-09-20 15:00 . 2012-08-21 12:44 38560 ----a-w- c:\windows\system32\CleanMFT32.exe

    2012-09-20 15:00 . 2008-09-17 19:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX

    2012-09-20 15:00 . 2012-08-21 12:44 513696 ----a-w- c:\windows\system32\msxml.dll

    2012-09-20 15:00 . 2012-09-20 15:00 -------- d-----w- c:\program files\Common Files\PC Tools

    2012-09-20 15:00 . 2012-09-20 15:00 -------- d-----w- c:\program files\PC Tools

    2012-09-20 14:57 . 2012-09-20 14:57 -------- d-----w- c:\programdata\PC Tools

    2012-09-20 14:57 . 2012-09-20 14:57 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Product_RM

    2012-09-19 07:44 . 2012-09-19 07:44 -------- d-----w- c:\windows\system32\searchplugins

    2012-09-19 07:44 . 2012-09-19 07:44 -------- d-----w- c:\windows\system32\Extensions

    2012-09-17 14:12 . 2012-09-17 14:20 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Belastingdienst

    2012-09-17 14:12 . 2012-09-17 14:12 -------- d-----w- c:\program files\Belastingdienst

    2012-09-15 06:06 . 2012-09-15 08:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\QuickScan

    2012-09-14 10:24 . 2012-09-14 10:24 -------- d-----w- c:\users\Gebruiker\AppData\Local\Zylom

    2012-09-14 10:23 . 2012-09-14 10:23 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Zylom

    2012-09-14 10:22 . 2012-09-14 10:22 -------- d-----w- c:\programdata\Zylom

    2012-09-14 10:05 . 2012-09-14 10:05 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\rokapublish

    2012-09-12 16:54 . 2012-09-12 16:54 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Seven Sails

    2012-09-12 08:26 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

    2012-09-12 08:26 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

    2012-09-12 08:26 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-09-12 08:26 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys

    2012-09-12 08:26 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2012-09-12 08:25 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll

    2012-09-09 12:15 . 2012-09-09 12:15 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Wildfire

    2012-09-09 12:09 . 2012-09-09 12:09 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Princess Isabella

    2012-09-07 17:54 . 2012-09-07 17:55 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Akhra

    2012-09-07 17:45 . 2012-09-07 17:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\TOMI2.THE GATES OF FATE

    2012-09-06 07:47 . 2012-09-13 06:46 -------- d-----w- c:\users\Gebruiker\AppData\Local\QuickPar

    2012-09-06 07:46 . 2012-09-06 07:46 -------- d-----w- c:\program files\QuickPar

    2012-09-02 08:10 . 2012-09-02 08:10 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Friday's games

    2012-08-31 18:06 . 2012-08-31 18:06 -------- d-----w- c:\programdata\SpinTop Games

    2012-08-31 18:04 . 2012-09-14 10:22 -------- d-----w- c:\program files\Zylom Games

    2012-08-31 17:26 . 2012-08-31 17:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-08-30 14:44 . 2012-08-30 14:44 -------- d-----w- c:\program files\Yamicsoft

    2012-08-29 14:57 . 2012-08-29 15:09 -------- d-----w- c:\users\Gebruiker\Orchestral Manoeuvres In The Dark - The Best Of OMD

    2012-08-29 14:57 . 2012-08-29 15:09 -------- d-----w- c:\users\Gebruiker\hits andclips greatesthits16

    2012-08-29 08:02 . 2012-08-29 08:42 -------- d-----w- c:\users\Gebruiker\AppData\Local\Pirate

    2012-08-27 15:47 . 2012-08-27 15:47 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com

    2012-08-27 15:47 . 2012-09-08 15:07 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-08-27 09:53 . 2012-08-27 09:53 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\AnySend

    2012-08-27 09:53 . 2012-08-27 09:54 ——– d—–w- c:\programdata\AnySend

    2012-08-26 07:30 . 2012-08-26 07:30 ——– d—–w- c:\program files\FileConverter_1.4

    2012-08-24 17:24 . 2012-08-24 17:24 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\GameDevo

    2012-08-24 16:49 . 2012-08-24 16:49 ——– d—–w- c:\users\Gebruiker\AppData\Roaming\JoyBits

    2012-08-24 16:47 . 2012-08-24 16:47 ——– d—–w- c:\users\Gebruiker\AppData\Local\MumboJumbo

    2012-08-24 16:45 . 2012-08-24 16:46 ——– d—–w- c:\program files\Luxor Amun Rising HD

    2012-08-24 07:45 . 2009-06-30 08:37 28552 —-a-w- c:\windows\system32\drivers\pavboot.sys

    2012-08-24 07:44 . 2012-08-24 07:44 ——– d—–w- c:\program files\Panda Security

    2012-08-24 05:47 . 2012-08-24 05:47 ——– d—–w- c:\programdata\SUPERAntiSpyware.com

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-07 15:04 . 2012-06-10 12:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-02 05:32 . 2012-06-10 09:17 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-09-02 05:32 . 2012-06-10 09:17 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-31 17:26 . 2012-06-10 16:57 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-08-31 17:26 . 2012-06-10 12:58 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-21 09:13 . 2012-06-08 19:39 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-08-21 09:13 . 2012-06-08 19:38 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-08-21 09:13 . 2012-06-08 19:38 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-08-21 09:13 . 2012-06-08 19:38 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2012-08-21 09:13 . 2012-06-08 19:38 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-08-21 09:13 . 2012-06-08 19:39 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-08-21 09:12 . 2012-06-08 19:38 41224 ----a-w- c:\windows\avastSS.scr

    2012-08-21 09:12 . 2012-06-08 19:37 227648 ----a-w- c:\windows\system32\aswBoot.exe

    2012-07-23 13:59 . 2012-06-10 13:13 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

    2012-07-18 17:47 . 2012-08-15 04:18 2345984 ----a-w- c:\windows\system32\win32k.sys

    2012-07-04 21:14 . 2012-08-15 04:18 102912 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 21:14 . 2012-08-15 04:18 41984 ----a-w- c:\windows\system32\browcli.dll

    2012-06-29 00:16 . 2012-08-15 04:27 1800704 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-29 00:09 . 2012-08-15 04:27 1129472 ----a-w- c:\windows\system32\wininet.dll

    2012-06-29 00:08 . 2012-08-15 04:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-06-29 00:04 . 2012-08-15 04:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-06-29 00:00 . 2012-08-15 04:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-06-26 12:26 . 2012-06-26 12:26 47360 ----a-w- c:\users\Gebruiker\AppData\Roaming\pcouffin.sys

    2012-05-04 07:04 . 2012-05-04 07:04 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    .

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe"

    .

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 0 (0x0)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    "NoResolveTrack"= 1 (0x1)

    .

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL"

    .

    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    "aux"=wdmaud.drv

    .

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    @=""

    .

    backup=c:\windows\pss\OpenOffice.org 3.3 .lnk.Startup

    backupExtension=.Startup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp

    .

    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe

    .

    2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    .

    2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    .

    2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    .

    2012-08-21 12:43 105120 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

    .

    2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 c2wts;Claims voor Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

    S1 aswSnx;aswSnx;

    S1 aswSP;aswSP;

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe

    S2 aswFsBlk;aswFsBlk;

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys

    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-09-21 c:\windows\Tasks\DriverScanner.job

    - c:\program files\Uniblue\DriverScanner\dsmonitor.exe

    .

    2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453345529-432745293-659397266-1000Core.job

    - c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453345529-432745293-659397266-1000UA.job

    - c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-09-21 c:\windows\Tasks\RMAutoUpdate.job

    - c:\program files\PC Tools\PC Tools Registry Mechanic\SULauncher.exe

    .

    2012-09-21 c:\windows\Tasks\RMSchedule.job

    - c:\program files\PC Tools\PC Tools Registry Mechanic\RegMech.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227983

    uInternet Settings,ProxyOverride = *.local

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

    TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    URLSearchHooks-{72cabc40-64b2-46ed-8648-26d831761150} - (no file)

    Toolbar-Locked - (no file)

    Toolbar-{72cabc40-64b2-46ed-8648-26d831761150} - (no file)

    WebBrowser-{72CABC40-64B2-46ED-8648-26D831761150} - (no file)

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (2) (LocalSystem)


    .

    @Denied: (2) (LocalSystem)

    "Timestamp"=hex:60,cc,52,1d,94,73,cd,01

    .

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,73,8b,e1,74,af,dc,41,b5,07,4f,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,73,8b,e1,74,af,dc,41,b5,07,4f,\

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    @Denied: (Full) (Everyone)

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\windows\system32\nvvsvc.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\taskhost.exe

    c:\program files\IObit\Advanced SystemCare 5\ASCTooltips.exe

    c:\windows\system32\WUDFHost.exe

    c:\windows\system32\sppsvc.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-09-21 19:09:04 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-09-21 17:09

    .

    Pre-Run: 111.413.714.944 bytes beschikbaar

    Post-Run: 111.151.415.296 bytes beschikbaar

    .

    - - End Of File - - 3C1D3A25FF8ADF9875DE46C36ECD1FFE

  • harry

    Don't have them anymore… no spyware or anything like that anymore

    how was my log?

    regards and thanks

This topic is closed; no further replies can be posted.