Slow PC and misery

  • marcelS

    Hello,

    My laptop had become impossibly slow.

    After carrying out all the steps it is better.

    No viruses/malware found.

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by marcel at 2013-07-11 18:45:54

    Microsoft® Windows Vista™ Home Basic Service Pack 2

    System drive C: has 86 GB (60%) free of 143 GB

    Total RAM: 954 MB (29% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:46:51, on 11-7-2013

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19437)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\conime.exe

    C:\Users\marcel\Documents\Downloads\RSIT.exe

    C:\Program Files\trend micro\marcel.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

    R3 - URLSearchHook: (no name) - {46735dee-f862-49d1-876d-6382794dc625} - (no file)

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    End of file - 6440 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    ======Registry dump======

    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    “SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    “Windows Defender”=C:\Program Files\Windows Defender\MSASCui.exe

    “IgfxTray”=C:\Windows\system32\igfxtray.exe

    “HotKeysCmds”=C:\Windows\system32\hkcmd.exe

    “Persistence”=C:\Windows\system32\igfxpers.exe

    “”=

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    “SunJavaUpdateSched”=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

    C:\Users\marcel\AppData\Roaming\Okivy\ykeho.exe

    c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Users\marcel\AppData\Local\Temp\MsgPlusUninstall.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\QuickTime\QTTask.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

    C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

    C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

    C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE

    C:\Windows\system32\igfxdev.dll

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “EnableUIADesktopToggle”=0

    “BindDirectlyToPropertySetStorage”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “vidc.cvid”=iccvid.dll

    “msacm.l3codecp”=l3codecp.acm

    “MSVideo8”=VfWWDM32.dll

    “msacm.siren”=sirenacm.dll

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “aux1”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    “aux2”=wdmaud.drv

    “wave3”=wdmaud.drv

    “midi3”=wdmaud.drv

    “mixer3”=wdmaud.drv

    “aux3”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2013-07-11 18:45:56 —-D—- C:\Program Files\trend micro

    2013-07-11 18:45:54 —-D—- C:\rsit

    2013-07-11 16:33:16 —-D—- C:\Program Files\ESET

    2013-07-11 15:56:53 —-D—- C:\ProgramData\Messenger Plus!

    2013-07-11 15:02:07 —-A—- C:\AdwCleaner.txt

    2013-06-16 20:40:37 —-A—- C:\Windows\system32\cryptdlg.dll

    2013-06-16 20:40:29 —-A—- C:\Windows\system32\drivers\tcpip.sys

    2013-06-16 20:40:28 —-A—- C:\Windows\system32\drivers\tcpipreg.sys

    2013-06-16 20:37:40 —-A—- C:\Windows\system32\mshtml.dll

    2013-06-16 20:37:37 —-A—- C:\Windows\system32\urlmon.dll

    2013-06-16 20:37:37 —-A—- C:\Windows\system32\ieframe.dll

    2013-06-16 20:37:34 —-A—- C:\Windows\system32\msfeeds.dll

    2013-06-16 20:37:32 —-A—- C:\Windows\system32\wininet.dll

    2013-06-16 20:37:32 —-A—- C:\Windows\system32\mstime.dll

    2013-06-16 20:37:31 —-A—- C:\Windows\system32\iertutil.dll

    2013-06-16 20:37:29 —-A—- C:\Windows\system32\iedkcs32.dll

    2013-06-16 20:37:28 —-A—- C:\Windows\system32\ieui.dll

    2013-06-16 20:37:27 —-A—- C:\Windows\system32\occache.dll

    2013-06-16 20:37:27 —-A—- C:\Windows\system32\iepeers.dll

    2013-06-16 20:37:25 —-A—- C:\Windows\system32\ieUnatt.exe

    2013-06-16 20:37:24 —-A—- C:\Windows\system32\url.dll

    2013-06-16 20:37:24 —-A—- C:\Windows\system32\iesysprep.dll

    2013-06-16 20:37:23 —-A—- C:\Windows\system32\mshtmled.dll

    2013-06-16 20:37:23 —-A—- C:\Windows\system32\iesetup.dll

    2013-06-16 20:37:22 —-A—- C:\Windows\system32\msfeedsbs.dll

    2013-06-16 20:37:22 —-A—- C:\Windows\system32\licmgr10.dll

    2013-06-16 20:37:22 —-A—- C:\Windows\system32\jsproxy.dll

    2013-06-16 20:37:22 —-A—- C:\Windows\system32\iernonce.dll

    2013-06-16 20:37:21 —-A—- C:\Windows\system32\msfeedssync.exe

    2013-06-16 20:37:21 —-A—- C:\Windows\system32\ie4uinit.exe

    2013-06-16 20:37:09 —-A—- C:\Windows\system32\win32spl.dll

    2013-06-16 20:37:07 —-A—- C:\Windows\system32\printcom.dll

    2013-06-16 20:28:46 —-A—- C:\Windows\system32\certutil.exe

    2013-06-16 20:28:42 —-A—- C:\Windows\system32\crypt32.dll

    2013-06-16 20:28:39 —-A—- C:\Windows\system32\cryptsvc.dll

    2013-06-16 20:28:36 —-A—- C:\Windows\system32\cryptnet.dll

    2013-06-16 20:28:35 —-A—- C:\Windows\system32\certenc.dll

    2013-06-16 20:27:11 —-A—- C:\Windows\system32\ntkrnlpa.exe

    2013-06-16 20:27:04 —-A—- C:\Windows\system32\ntoskrnl.exe

    ======List of files/folders modified in the last 1 month======

    2013-07-11 18:45:56 —-RD—- C:\Program Files

    2013-07-11 18:45:50 —-D—- C:\Windows\Temp

    2013-07-11 16:33:20 —-SD—- C:\Windows\Downloaded Program Files

    2013-07-11 16:13:52 —-D—- C:\Windows\rescache

    2013-07-11 15:56:57 —-D—- C:\Windows\Debug

    2013-07-11 15:56:53 —-HD—- C:\ProgramData

    2013-07-11 15:47:03 —-D—- C:\Windows\system32\catroot

    2013-07-11 15:46:59 —-D—- C:\Windows\winsxs

    2013-07-11 15:45:42 —-D—- C:\Windows\system32\catroot2

    2013-07-11 15:34:33 —-D—- C:\Windows\system32\drivers

    2013-07-11 15:29:21 —-D—- C:\Program Files\Malwarebytes' Anti-Malware

    2013-07-11 15:25:44 —-D—- C:\Program Files\Messenger Plus! Live

    2013-07-11 15:23:49 —-D—- C:\Windows\system32\Tasks

    2013-07-11 15:15:20 —-A—- C:\Windows\system32\FlashPlayerApp.exe

    2013-07-11 15:12:59 —-A—- C:\ProgramData\hpqp.ini

    2013-07-11 14:59:56 —-D—- C:\Windows\Prefetch

    2013-07-11 14:53:01 —-SHD—- C:\System Volume Information

    2013-06-18 18:37:46 —-D—- C:\Windows\system32\migration

    2013-06-18 18:37:46 —-D—- C:\Windows\System32

    2013-06-18 18:37:46 —-D—- C:\Program Files\Internet Explorer

    2013-06-18 18:37:44 —-D—- C:\Windows\system32\nl-NL

    2013-06-18 16:46:51 —-A—- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys

    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys

    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys

    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys

    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys

    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys

    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys

    R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    R3 usbvideo;USB-videoapparaat (WDM); C:\Windows\System32\Drivers\usbvideo.sys

    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys

    R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys

    S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys

    S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys

    S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys

    S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys

    S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys

    S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys

    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys

    S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys

    S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys

    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys

    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys

    S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\Windows\system32\drivers\usbaudio.sys

    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys

    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys

    S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe

    R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe

    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe

    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    —————–EOF—————–

    # AdwCleaner v2.304 - Verslag gemaakt op 11/07/2013 om 15:02:07

    # Geactualiseerd op 03/07/2013 door Xplode

    # Besturingssysteem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)

    # Gebruiker : marcel - PC_VAN_MARCEL

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\marcel\Desktop\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    File Verwijderd : C:\Users\marcel\AppData\Local\Temp\Uninstall.exe

    Map Verwijderd : C:\Program Files\Conduit

    Map Verwijderd : C:\Program Files\ConduitEngine

    Map Verwijderd : C:\Program Files\Messenger_Plus_Live_Netherlands

    Map Verwijderd : C:\ProgramData\AVG Security Toolbar

    Map Verwijderd : C:\Users\marcel\AppData\LocalLow\AVG Security Toolbar

    Map Verwijderd : C:\Users\marcel\AppData\LocalLow\Conduit

    Map Verwijderd : C:\Users\marcel\AppData\LocalLow\ConduitEngine

    Map Verwijderd : C:\Users\marcel\AppData\LocalLow\Messenger_Plus_Live_Netherlands

    Map Verwijderd : C:\Users\marcel\AppData\LocalLow\PriceGong

    ***** *****

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\conduitEngine

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Messenger_Plus_Live_Netherlands

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\PriceGong

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Toolbar

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask.com Search Assistant

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Messenger_Plus_Live_Netherlands Toolbar

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2AB2732-A124-4FB2-8DA5-4A6A9E379331}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E9DE51A-2870-4F1A-968B-E906533AD1B6}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2AB2732-A124-4FB2-8DA5-4A6A9E379331}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Sleutel Verwijderd : HKCU\Software\Softonic

    Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{2E9DE51A-2870-4F1A-968B-E906533AD1B6}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{D2AB2732-A124-4FB2-8DA5-4A6A9E379331}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Conduit.Engine

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2567693

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Sleutel Verwijderd : HKLM\Software\Conduit

    Sleutel Verwijderd : HKLM\Software\conduitEngine

    Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

    Sleutel Verwijderd : HKLM\Software\Messenger_Plus_Live_Netherlands

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C44F7FC-0F34-4AAF-81C5-1418906CAA83}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA1D09B6-920D-42E1-A991-31CCC660A5CB}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2AB2732-A124-4FB2-8DA5-4A6A9E379331}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E9DE51A-2870-4F1A-968B-E906533AD1B6}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger_Plus_Live_Netherlands Toolbar

    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

    ***** *****

    -\\ Internet Explorer v8.0.6001.19437

    Het register bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.07.11.03

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 8.0.6001.19437

    marcel :: PC_VAN_MARCEL

    11-7-2013 15:34:43

    mbam-log-2013-07-11 (15-34-43).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 206794

    Verstreken tijd: 21 minuut/minuten, 25 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  • Ben

    Hello,

    Download zoek.exe to the desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    You can read how to do that (here or here).

    * Double-click Zoek.exe to start the tool.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    chromelook;

    standardsearch;

    {2bae58c2-79f9-45d1-a286-81f911301c3a};c

    {46735dee-f862-49d1-876d-6382794dc625};c

    resethosts;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Now post the contents of the opened log in your next message.

    Regards, Ben

  • marcelS

    Done.

    Zoek.exe Version 4.0.0.4 Updated 10-July-2013

    Tool run by marcel on do 11-07-2013 at 19:37:25,73.

    Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86

    Running in: Normal Mode Internet Access Detected

    ==== System Restore Info ======================

    11-7-2013 19:38:37 Zoek.exe System Restore Point Created Succesfully.

    ==== Reset Hosts File ======================

    # Copyright © 1993-2006 Microsoft Corp.

    #

    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

    #

    # This file contains the mappings of IP addresses to host names. Each

    # entry should be kept on an individual line. The IP address should

    # be placed in the first column followed by the corresponding host name.

    # The IP address and the host name should be separated by at least one

    # space.

    #

    # Additionally, comments (such as these) may be inserted on individual

    # lines or following the machine name denoted by a ‘#’ symbol.

    #

    # For example:

    #

    # 102.54.94.97 rhino.acme.com # source server

    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    ::1 localhost

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-4121608466-1781277045-2440283951-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2bae58c2-79f9-45d1-a286-81f911301c3a} deleted successfully

    HKEY_USERS\S-1-5-21-4121608466-1781277045-2440283951-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2bae58c2-79f9-45d1-a286-81f911301c3a} deleted successfully

    HKEY_USERS\S-1-5-21-4121608466-1781277045-2440283951-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-4121608466-1781277045-2440283951-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{2bae58c2-79f9-45d1-a286-81f911301c3a} deleted successfully

    HKEY_USERS\S-1-5-21-4121608466-1781277045-2440283951-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\winlogon.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\SMINST\BLService.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\CyberLink\Shared files\RichVideo.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\DRIVERS\xaudio.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    C:\Windows\system32\conime.exe

    C:\Users\marcel\Documents\Downloads\zoek.exe

    C:\Windows\system32\vssvc.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\System32\svchost.exe -k swprv

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    “C:\ProgramData\hpqp.txt” deleted

    “C:\Users\marcel\AppData\Roaming\Teavka\nuoxm.ycs” deleted

    “C:\Users\marcel\AppData\Roaming\AVG8” deleted

    “C:\Users\marcel\AppData\Roaming\Foce” deleted

    “C:\Users\marcel\AppData\Roaming\Okivy” deleted

    “C:\Users\marcel\AppData\Roaming\Teavka” deleted

    ==== System Specs ======================

    Windows: Windows Vista Home Basic Edition Service Pack 2 (Build 6002)

    Memory (RAM): 955 MB

    CPU Info: Genuine Intel(R) CPU T1600 @ 1.66GHz

    CPU Speed: 614,8 MHz

    Sound Card: Luidsprekers (Conexant High Def |

    Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1366 X 768 - 32 bit

    Network: Network Present

    Network Adapters: Atheros AR5007 802.11b/g WiFi Adapter | Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)

    CD / DVD Drives: 1x (E: | ) E: SlimtypeDVD A DS8A2L-A

    Ports: COM3 LPT Port NOT Present.

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 139,2GB | D: 9,9GB

    Hard Disks - Free: C: 83,3GB | D: 1,4GB

    Manufacturer *: Hewlett-Packard

    BIOS Info: AT/AT COMPATIBLE | 02/04/09 | HPQOEM - 1

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Wistron 3612

    Internet Explorer Version: 8.0.6001.19437

    Sun Java version: 1.7.0_25

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\marcel\AppData\Local\Temp ====

    2013-07-11 13:25:26 6789EB507A7EC6C9BCDF413CFF426938 886680 —-a-w- C:\Users\marcel\AppData\Local\Temp\MsgPlusUninstall.exe

    ====== C:\Windows\system32 =====

    2013-07-11 17:08:35 1D9B3568CFDB55316985A053D6D96030 94632 —-a-w- C:\Windows\System32\WindowsAccessBridge.dll

    ====== C:\Windows\system32\drivers =====

    2013-06-16 18:40:29 078218D74C4EFC2CE7E4C6DF22A94F2F 914792 —-a-w- C:\Windows\System32\drivers\tcpip.sys

    2013-06-16 18:40:28 4C11A1820DDC37FA653913AD680ACCAE 31232 —-a-w- C:\Windows\System32\drivers\tcpipreg.sys

    ====== C:\Windows\Tasks ======

    2013-07-11 13:23:49 A53C21B00447780463404D2B69DEE6C5 3034 —-a-w- C:\Windows\system32\Tasks\{920B0703-1ED2-4504-A12A-1C807BA9B69F}

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-07-11 16:45:56 ——– d—–w- C:\Program Files\trend micro

    2013-07-11 14:33:16 ——– d—–w- C:\Program Files\ESET

    ======= C: =====

    2013-07-11 13:02:07 C31B8FC0BA53B8DCED6ADD46B7CF6BA9 6900 —-a-w- C:\AdwCleaner.txt

    ====== C:\Users\marcel\AppData\Roaming ======

    ====== C:\Users\marcel ======

    2013-07-11 13:56:53 ——– d—–w- C:\ProgramData\Messenger Plus!

    2013-07-11 12:54:35 1078C8BD8C62CF4DEE6FE1058C3D56A7 650027 —-a-w- C:\Users\marcel\Desktop\adwcleaner.exe

    ====== C: exe-files ==

    2013-07-11 16:45:56 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\marcel.exe

    2013-07-11 16:44:57 69CA82A7482A00D8EE063D2B97FC4338 781383 —-a-w- C:\Users\marcel\Documents\Downloads\RSIT.exe

    2013-07-11 14:33:17 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 —-a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    2013-07-11 13:25:26 6789EB507A7EC6C9BCDF413CFF426938 886680 —-a-w- C:\Users\marcel\AppData\Local\Temp\MsgPlusUninstall.exe

    2013-07-11 12:54:35 1078C8BD8C62CF4DEE6FE1058C3D56A7 650027 —-a-w- C:\Users\marcel\Desktop\adwcleaner.exe

    === C: other files ==

    2013-07-11 13:56:49 4CC5F8E7803D6E5F06D581EC92E21997 1710 —-a-w- C:\Users\marcel\AppData\Local\Temp\MsgPlusUninst.bat

    ==== Startup Registry Enabled ======================

    “WindowsWelcomeCenter”=“rundll32.exe oobefldr.dll,ShowWelcomeCenter”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /detectMem”

    “WindowsWelcomeCenter”=“rundll32.exe oobefldr.dll,ShowWelcomeCenter”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /detectMem”

    “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”

    “IgfxTray”=“C:\Windows\system32\igfxtray.exe”

    “HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”

    “Persistence”=“C:\Windows\system32\igfxpers.exe”

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    “SunJavaUpdateSched”=“C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    “Windows Defender”=“%ProgramFiles%\Windows Defender\MSASCui.exe -hide”

    ==== Startup Registry Disabled ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Adobe Reader Speed Launcher”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Goyskia”

    “hkey”=“HKCU”

    “command”=“C:\\Users\\marcel\\AppData\\Roaming\\Okivy\\ykeho.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“HP Health Check Scheduler”

    “hkey”=“HKLM”

    “command”=“c:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“HP Software Update”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“hpWirelessAssistant”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Hewlett-Packard\\HP Wireless Assistant\\HPWAMain.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“LightScribe Control Panel”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce”

    “item”=“MessengerPlusLiveUninstall”

    “hkey”=“HKLM”

    “command”=“\”C:\\Users\\marcel\\AppData\\Local\\Temp\\MsgPlusUninstall.exe\“ /Cleanup”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“msnmsgr”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\“ /background”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“QlbCtrl.exe”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“QPService”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\HP\\QuickPlay\\QPService.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“QuickTime Task”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\QuickTime\\QTTask.exe\“ -atboottime”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SunJavaUpdateSched”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“UCam_Menu”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe\“ \”C:\\Program Files\\CyberLink\\YouCam\“ UpdateWithCreateOnce \”Software\\CyberLink\\YouCam\\2.0\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“UpdateP2GoShortCut”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe\“ \”C:\\Program Files\\CyberLink\\Power2Go\“ UpdateWithCreateOnce \”SOFTWARE\\CyberLink\\Power2Go\\6.0\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“UpdatePDIRShortCut”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\CyberLink\\PowerDirector\\MUITransfer\\MUIStartMenu.exe\“ \”C:\\Program Files\\CyberLink\\PowerDirector\“ UpdateWithCreateOnce \”SOFTWARE\\CyberLink\\PowerDirector\\7.0\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“UpdatePSTShortCut”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\CyberLink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe\“ \”C:\\Program Files\\CyberLink\\DVD Suite\“ UpdateWithCreateOnce \”Software\\CyberLink\\PowerStarter\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“WMPNSCFG”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe”

    “item”=“OneNote 2007 Schermopname en Snel starten”

    “path”=“C:\\Users\\marcel\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk”

    “backup”=“C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\PROGRA~1\\MICROS~2\\Office12\\ONENOTEM.EXE”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.com/”

    “Default_Page_URL”=“http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb”

    “Start Page”=“http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb”

    “Default_Page_URL”=“http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb”

    New Values:

    “Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Start Page”=“http://www.google.com/”

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url=“http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC”

    {1025F6D9-7F15-4FC0-B55F-A3C5AB1D2E5B} Kelkoo Url=“http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935”

    {147C2DFB-60F2-40B6-B33F-76CF3ACA9666} Yahoo//nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    {B5446023-6B00-47CE-A3A1-DDCF5EEC9DE5} AOL Zoeken Url=“http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcnnbie7-nl-nl”

    ==== HijackThis Entries ======================

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    ==== Empty IE Cache ======================

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\marcel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\marcel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\marcel\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\marcel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not found

    ==== EOF on do 11-07-2013 at 19:59:05,70 ======================

  • Ben

    Hello,

    How is your PC running after this?

    Regards, Ben

  • marcelS

    yes, perfect

    thanks Ben

  • Ben

    Hello,

    That's great (tu)

    Download: http://www.bleepingcomputer.com/download/securitycheck/ and save it to your Desktop.

    Start Security Check.

    Follow the instructions on screen.

    At the end a log (checkup.txt) appears; post its contents in your next reply.

    Regards, Ben

  • marcelS

    Results of screen317's Security Check version 0.99.68

    Windows Vista Service Pack 2 x86 (UAC is enabled)

    Internet Explorer 8 Out of date!

    ``````````````Antivirus/Firewall Check:``````````````

    Microsoft Security Essentials

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    CCleaner

    Java 7 Update 25

    Adobe Reader 9 Adobe Reader out of Date!

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: %

    ````````````````````End of Log``````````````````````

  • Ben

    Hello,

    Update everything that is marked in red, then do the following:

    You can keep Malwarebytes installed and scan your PC with it once a week (after updating it).

    The small tool below cleans up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Activate UAC

    Remove disinfection tools

    Create registry backup

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    If any tools are left over, you can remove them yourself.

    Regards, Ben

  • marcelS

    hi Ben, done what you asked

    regards

  • Ben

    Hello,

    Okay, then we'll close this. Thanks, and you're welcome.

    Regards, Ben

This topic is closed; no further replies can be posted.