Re: problem with CDKSDK

  • DennisAA

    Good afternoon,

    I had a topic on the hardware forum; it went through huib and jos.

    I now have to post a log here.

    # AdwCleaner v2.009 - Verslag gemaakt op 27/11/2012 om 14:24:12

    # Geactualiseerd op 24/11/2012 door Xplode

    # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)

    # Gebruiker : manon - UW-259CBE6449D1

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Documents and Settings\manon\Bureaublad\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    Map Verwijdert : C:\Documents and Settings\All Users\Application Data\Ask

    Map Verwijdert : C:\Documents and Settings\All Users\Application Data\Trymedia

    Map Verwijdert : C:\Documents and Settings\janneke\Application Data\imeshbandmltbpi

    Map Verwijdert : C:\Documents and Settings\janneke\Application Data\mediabarim

    Map Verwijdert : C:\Documents and Settings\janneke\Local Settings\Application Data\Conduit

    Map Verwijdert : C:\Documents and Settings\janneke\Local Settings\Application Data\ConduitEngine

    Map Verwijdert : C:\Documents and Settings\janneke\Local Settings\Application Data\P2P_Energy

    Map Verwijdert : C:\Documents and Settings\janneke\Local Settings\Application Data\PHPNukeDU

    Map Verwijdert : C:\Documents and Settings\manon\Application Data\imeshbandmltbpi

    Map Verwijdert : C:\Documents and Settings\manon\Application Data\mediabarim

    Map Verwijdert : C:\Documents and Settings\manon\Application Data\PriceGong

    Map Verwijdert : C:\Documents and Settings\manon\Local Settings\Application Data\AskToolbar

    Map Verwijdert : C:\Documents and Settings\manon\Local Settings\Application Data\Conduit

    Map Verwijdert : C:\Documents and Settings\manon\Local Settings\Application Data\P2P_Energy

    Map Verwijdert : C:\Documents and Settings\manon\Local Settings\Application Data\PHPNukeDU

    Map Verwijdert : C:\Program Files\Conduit

    Map Verwijdert : C:\Program Files\P2P_Energy

    Map Verwijdert : C:\Program Files\PHPNukeDU

    ***** *****

    Data Verwijdert : HKLM\..\Windows = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll

    Data Verwijdert : HKLM\..\Windows = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

    Sleutel Verwijdert : HKCU\Software\AppDataLow\AskBarDis

    Sleutel Verwijdert : HKCU\Software\Conduit

    Sleutel Verwijdert : HKCU\Software\DataMngr

    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2BAE58C2-79F9-45D1-A286-81F911301C3A}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46735DEE-F862-49D1-876D-6382794DC625}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2BAE58C2-79F9-45D1-A286-81F911301C3A}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46735DEE-F862-49D1-876D-6382794DC625}

    Sleutel Verwijdert : HKCU\Software\P2P_Energy

    Sleutel Verwijdert : HKCU\Software\PHPNukeDU

    Sleutel Verwijdert : HKCU\Software\PriceGong

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{256E6274-7CFC-4235-B1E1-A4D8EC1F3A48}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{2BAE58C2-79F9-45D1-A286-81F911301C3A}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{46735DEE-F862-49D1-876D-6382794DC625}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{616B770D-70DA-45AF-8A3C-B63083BD88F8}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\imweb.imwebcontrol

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}

    Sleutel Verwijdert : HKLM\Software\Conduit

    Sleutel Verwijdert : HKLM\Software\DataMngr

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\P2P_Energy Toolbar

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PHPNukeDU Toolbar

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BAE58C2-79F9-45D1-A286-81F911301C3A}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46735DEE-F862-49D1-876D-6382794DC625}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P_Energy Toolbar

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeDU Toolbar

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar

    Sleutel Verwijdert : HKLM\Software\P2P_Energy

    Sleutel Verwijdert : HKLM\Software\PHPNukeDU

    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    ***** *****

    -\\ Internet Explorer v8.0.6001.18702

    Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v23.0.1271.64

    File : C:\Documents and Settings\manon\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:32:06, on 27-11-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\FsUsbExService.Exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\manon\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll

    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)

    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O4 - HKLM\..\Run: HDAShCut.exe

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353790306718

    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O20 - AppInit_DLLs:

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: ServiceLayer - Nokia. - c:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    End of file - 8337 bytes

  • Ben

    Hello,

    Using “zoek.exe”

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while downloading or during use.

    You can read how to do that (here or here).

    Then download zoek.exe to the desktop.

    Windows 2000 and Windows XP: start the tool by double-clicking “zoek.exe”.

    Windows Vista and Windows 7: start the tool by right-clicking “zoek.exe” and then choosing Run as administrator.

    After a while a window will open.

    Tick the box next to "Create System Restore Point".

    With your mouse, now select the option "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    startupall;

    filesrcm;

    {28387537-e3f9-4ed7-860c-11e69af4a8a0};c

    {474597C5-AB09-49d6-A4D5-2E8D7341384E};c

    C:\PROGRA~1\IMESHA~1;fs

    emptyclsid;

    emptyjava;

    emptyflash;

    emptyiecache;

    emptytemp;

    Now first close all program windows that are still open!

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart).

    If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Regards, Ben

    Antivirusprikbord.nl

  • DennisAA

    Hi Ben

    log

    Zoek.exe Version 3.0.0.4 Updated 26-November-2012

    Tool run by manon on di 27-11-2012 at 16:57:49,87.

    Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

    Running in: Normal Mode Internet Access Detected

    ==== System Restore Info ======================

    27-11-2012 17:00:33 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully

    HKEY_USERS\S-1-5-21-83265092-2990293034-2559932795-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

    ==== Deleting Files \ Folders ======================

    ==== Files Recently Created / Modified ======================

    ====== C:\WINDOWS ====

    2012-11-24 19:24:13 E185BDA84E5F03F4E1D8DCA30E209277 1912 -c--a-w- C:\WINDOWS\epplauncher.mif

    ====== C:\WINDOWS\TEMP ====

    ====== C:\WINDOWS\system32 =====

    2012-11-24 20:16:53 E69D7BEBBE41D971EE15D1E00CB5F3C8 132560 -c--a-w- C:\WINDOWS\System32\esdevapp.exe

    2012-11-24 20:16:53 218755A1BE798AE3C39262415E74DFE7 12800 -c--a-w- C:\WINDOWS\System32\escdev.dll

    2012-11-24 20:16:44 53886BD63B137AAFF945353239CB60CB 342016 -c--a-w- C:\WINDOWS\System32\eswiaud.dll

    2012-11-24 19:35:23 D11DBD089AF8B0EE3A5AF739C8BA9189 237072 -c----w- C:\WINDOWS\System32\MpSigStub.exe

    ====== C:\WINDOWS\system32\drivers =====

    ====== C:\WINDOWS\Tasks ======

    2012-11-24 19:43:33 CE0E0352D400866A63F3BD7D41C98C60 386 -c-ha-w- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

    ====== C:\WINDOWS\Temp ======

    ======= C:\Program Files =====

    ======= C: =====

    2012-11-27 13:24:12 E5EC8B4EB1AE62369DA09E18B70110D2 6636 -c--a-w- C:\AdwCleaner.txt

    ====== C:\Documents and Settings\manon\Application Data ======

    ====== C:\Documents and Settings\manon ======

    2012-11-27 05:45:45 -------- dc-h--r- C:\Documents and Settings\manon\Onlangs geopend

    ====== C: exe-files ==

    2012-11-27 13:22:21 C9A3B1AEBABCBA3DD2354E9B41360066 480125 -c--a-w- C:\Documents and Settings\manon\Bureaublad\adwcleaner.exe

    2012-11-24 21:13:54 9A2347903D6EDB84C10F288BC0578C1C 388608 -c--a-w- C:\Documents and Settings\manon\Bureaublad\HijackThis.exe

    2012-11-24 19:04:09 899EBE6338245D0F1BACD2DE6CF40C83 11101672 -c--a-w- C:\Documents and Settings\manon\Bureaublad\mseinstall.exe

    === C: other files ==

    2012-11-24 20:16:53 218755A1BE798AE3C39262415E74DFE7 12800 -c--a-w- C:\WINDOWS\system32\escdev.dll

    2012-11-24 20:16:52 C22006F5EC9B51CA86C1D2FCE3F765FC 131072 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esres.dll

    2012-11-24 20:16:52 376E8A08C2417A90FF61DE9A39355EB2 454656 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esdtr2.dll

    2012-11-24 20:16:52 2B3B52FFC14976C04A3F88BA86680866 425984 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esdtr.dll

    2012-11-24 20:16:51 C1871F0567EDAD6F8BE1F513C07477F1 1060864 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esui.dll

    2012-11-24 20:16:51 ABF3A7F9D9758A9AC892F798C3B2B83A 122880 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esutwb.dll

    2012-11-24 20:16:51 79C2FF6C4D9A225DC54A589CE211DC42 266240 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\estwpmg.dll

    2012-11-24 20:16:50 60F2CB1EDCB0520CAC9E821CF7004B4E 1961984 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esimgdet.dll

    2012-11-24 20:16:50 0E4FF54154F0C60FCED51FFDBC4DBDE0 462848 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esscncl.dll

    2012-11-24 20:16:49 F326C428354CB7267266EAD11B130DDC 36864 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esdscl.dll

    2012-11-24 20:16:49 E8C06DE7FFF02963AB7A06F9A5EB33E6 217088 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esimgctl.dll

    2012-11-24 20:16:49 98799FF2AB11A413DD088341A7B84575 192512 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esfit.dll

    2012-11-24 20:16:49 383B4F5D6B9B2905B3503E9649CF8EFE 53248 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esicm.dll

    2012-11-24 20:16:49 2178A17DD4695FE65B557C2C6F1A3C86 626688 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esimfl.dll

    2012-11-24 20:16:48 C14B3E862EA6BAF4A195D925B4F7FD6F 147456 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esdevif.dll

    2012-11-24 20:16:48 65950BD5B34603314069368D0663324E 90112 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esddc.dll

    2012-11-24 20:16:48 5450D30F82D16C90D454E1A63036D6C9 196608 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esdevcl.dll

    2012-11-24 20:16:48 08E9B29E63729B8001CC0941CB975226 94208 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\esdde.dll

    2012-11-24 20:16:46 87DAB46EA3771DD25FCF7E7CB3DF23B6 3571712 -c--a-w- C:\WINDOWS\twain_32\ESCNDV\ES00C7\escires.dll

    2012-11-24 20:16:44 53886BD63B137AAFF945353239CB60CB 342016 -c--a-w- C:\WINDOWS\system32\eswiaud.dll

    ==== Startup Registry Enabled ======================

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”

    “msnmsgr”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background”

    “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”

    “Snelkoppeling naar eigenschappenvenster voor High Definition Audio”=“HDAShCut.exe”

    “RTHDCPL”=“RTHDCPL.EXE”

    “Alcmtr”=“ALCMTR.EXE”

    “RIMBBLaunchAgent.exe”=“C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe”

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe -atboottime”

    “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”

    “msnmsgr”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background”

    ==== Startup Registry Disabled ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“cli”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\“ runtime -Delay”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“RunDll32 cmcnfgu”

    “hkey”=“HKLM”

    “command”=“RunDll32 cmcnfgu.cpl,CMICtrlWnd”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“iTunesHelper”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\iTunes\\iTunesHelper.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“_uninstop”

    “hkey”=“HKLM”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“msnmsgr”

    “hkey”=“HKCU”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“NeroCheck”

    “hkey”=“HKLM”

    “command”=“C:\\WINDOWS\\system32\\NeroCheck.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“qttask”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\QuickTime\\qttask.exe\“ -atboottime”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Skype”

    “hkey”=“HKCU”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“jusched”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“GoogleToolbarNotifier”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Res”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\USB Disk Win98 Driver\\Res.EXE”

    “path”=“C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Adobe Reader Snelle start.lnk”

    “backup”=“C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup”

    “command”=“C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE ”

    “item”=“Adobe Reader Snelle start”

    “path”=“C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\BlueSoleil.lnk”

    “backup”=“C:\\WINDOWS\\pss\\BlueSoleil.lnkCommon Startup”

    “command”=“C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE ”

    “item”=“BlueSoleil”

    ==== Task Scheduler Jobs ======================

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a--c--- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-83265092-2990293034-2559932795-1007Core.job --a--c--- C:\Documents and Settings\manon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-83265092-2990293034-2559932795-1007UA.job --a--c--- C:\Documents and Settings\manon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job --ah-c--- C:\Program Files\Microsoft Security Client\MpCmdRun.exe

    ==== Empty IE Cache ======================

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\janneke\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\janneke\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\manon\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Deleting Files / Folders ======================

    “C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat” not deleted

    “C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat” not found

  • Ben

    Hello,

    Please post a new HijackThis log and tell us how things are going.

    Regards, Ben

    Antivirusprikbord.nl

  • DennisAA

    Hi Ben,

    It's running fine, apart from the message ‘Kan volume niet ten behoeve van directe toegang openen’ ("Cannot open volume for direct access") when Chkdsk runs at startup.

    I also see AVG still listed in this log.

    It has been uninstalled and I am running MSE.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:27:35, on 27-11-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\FsUsbExService.Exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\manon\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O4 - HKLM\..\Run: HDAShCut.exe

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353790306718

    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O20 - AppInit_DLLs:

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: ServiceLayer - Nokia. - c:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    End of file - 7797 bytes

  • Ben

    Hello,

    Start HijackThis and choose “Do a system scan only”.

    Then tick only the line below:

    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)

    Then close all windows except HijackThis. After that, click “Fix checked”.

    When you are asked whether you are sure, confirm with "Ja" (Yes).

    Restart your PC.

    After that, delete the folder shown in bold: C:\Program Files\AVG

    Go to Start > Run and enter the following command: sfc /scannow (Note the space after sfc!)

    You will probably be asked for the Windows CD or DVD.

    Tell me how things go after this.

    Regards, Ben

    Antivirusprikbord.nl
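
A triage sketch for the step above, added here as an example (it is not part of Ben's post and not HijackThis's own code): it parses HijackThis entry lines and groups those marked "(file missing)" by install folder. The sample lines are copied from the log posted in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: RTHDCPL.EXE
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section> - <body>[ (file missing)]"; sections look like R0, O2, O23.
ENTRY_RE = re.compile(
    r"^(?P<section>[ORFN]\d+)\s+-\s+(?P<body>.*?)(?P<missing>\s+\(file missing\))?\s*$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_entries(log_text):
    """Return one dict per entry line; headers and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        target = body.rsplit(" - ", 1)[-1]  # last field is the file, if any
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": target if PATH_RE.match(target) else None,
            "missing": m.group("missing") is not None,
        })
    return entries


def orphaned_by_folder(entries):
    """Group '(file missing)' entries by drive + first two folders."""
    groups = defaultdict(list)
    for e in entries:
        if e["missing"] and e["path"]:
            folder = "\\".join(e["path"].split("\\")[:3])
            groups[folder].append((e["section"], e["clsid"]))
    return dict(groups)


if __name__ == "__main__":
    print(orphaned_by_folder(parse_entries(SAMPLE_LOG)))
```

On the sampled lines, both flagged entries resolve to C:\Program Files\AVG, the folder named in the steps above.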

  • DennisAA

    Hi,

    Did what Ben asked.

    Ran sfc /scannow; it took a while, but when it was done the window just disappeared,

    so it probably didn't find anything; it didn't ask for a CD either.

    Regards, Dennis

  • DennisAA

    Yep :X

  • Ben

    Hello,

    Had you already carried out what Jos suggested?

    http://support.microsoft.com/kb/315265/nl

    Regards, Ben

    Antivirusprikbord.nl
