View full version: PC very slow at startup and internet connection



lex11
26 October 2012, 11:18
Hello,

My PC is very slow at startup and on the internet connection.
I should mention that I installed Windows 7, no longer use it, and went back to using Windows XP; so both systems are on the machine.

Here is my log.
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:49, on 26/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVAST Software\Avast\avastUI.exe
D:\program files\canon\myprinter\bjmyprt.exe
D:\program files\ati technologies\ati control panel\atiptaxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\program files\messenger\msmsgs.exe
D:\WINDOWS\System32\msiexec.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=115293&tt=101012_24_4112_7&babsrc=HP_ss&mntrId=dc2cdfd500000000000022664165b7a4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] d:\program files\common files\adobe\arm\1.0\adobearm.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] d:\program files\canon\solutionmenu\cnslmain.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] d:\program files\canon\myprinter\bjmyprt.exe /logon
O4 - HKLM\..\Run: [ATIPTA] d:\program files\ati technologies\ati control panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O20 - AppInit_DLLs: d:\docume~1\alluse~1\applic~1\browse~1\23765~1.24\{16cdf~1\browse~1.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - Unknown owner - D:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - D:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


--
End of file - 7062 bytes

EvelineGirl
26 October 2012, 12:32
Hi,

1.
Download MalwareBytes' Anti-Malware (http://www.malwarebytes.org/mbam/program/mbam-setup.exe) (website (https://store.malwarebytes.org/342/cookie?affiliate=21030&redirectto=http%3A%2F%2Fwww.malwarebytes.org%2Fproducts%2Fmalwarebytes_pro)) and save it to your desktop.
Double-click mbam-setup.exe to install the program.
After the installation, make sure there is a check mark next to:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
You are also given the choice here to use the trial version of MBAM; if you do not want this, uncheck it.

Then click "Finish".
If an update is found, it will be downloaded and installed.
In case of problems!!! (Read the instructions below)

Malwarebytes' Anti-Malware Chameleon (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=231&t=5650&p=21861#p21861)
Problems installing Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3419)
Problems updating Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3420)
Problems starting Malwarebytes' Anti-Malware (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=3421)

As soon as the program has started, go to the "Settings" tab.
Check here: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan".
Next, press "Scan" to start the scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything there is checked, then click "Remove Selected".
After removal, a log will open and you will be asked to restart the computer.

The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.


2.
Note: Vista or Windows 7? >> Always run all tools as admin.
Download AdwCleaner (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode to the desktop.

http://i341.photobucket.com/albums/o365/EvelineGirl/A3qkP9RCEAAOZhQ.jpg

Close all open windows.
Vista and Windows 7 users: right-click AdwCleaner and select Run as administrator...
For XP: simply double-click AdwCleaner.
Then click Delete.
At AdwCleaner – Information, click OK
At AdwCleaner – Restart Required, click OK

It is normal for the shortcuts to disappear during the action.
After the PC has restarted, a log file opens.
Then post the contents of this log in your next message.

3.
Download DDS by sUBs from one of these locations and place it on your desktop:
DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.com).
DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.scr).
DDS - Infospyware (http://www.infospyware.net/sUBs/dds).

Disable your security software before you run DDS!
You can read how to do that here (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=231&t=5401) or here (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=231&t=5402).

Right-click DDS and choose the "Configure" option.
http://www.imgdumper.nl/uploads6/507d432a0bedd/507d432a0ab50-dds-b.jpg
Windows Vista and 7 users will get a User Account Control prompt; allow DDS to run here.
In the screen below, check DDS.txt and Attach.txt and click "Start Scan".
http://www.imgdumper.nl/uploads6/507d4431dd21c/507d4431d9f57-dds-d.jpg
The following screen will now appear automatically.
http://www.imgdumper.nl/uploads6/507d44ab93e17/507d44ab8eff2-dds-e.jpg
When the scan is finished you will see the following screen.
http://www.imgdumper.nl/uploads6/507d44ce8e15a/507d44ce8ae92-dds-f.jpg
Click "OK" here; the DDS log will now open automatically in Notepad.
The DDS log is saved on the desktop together with the attach log. (Post the attach log only if it is asked for!)
Post the DDS log in the next message.

lex11
26 October 2012, 13:59
Here is what was requested

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Databaseversie: v2012.10.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Eigenaar :: HILDE [administrator]

26/10/2012 13:36:51
mbam-log-2012-10-26 (13-36-51).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 238416
Verstreken tijd: 10 minuut/minuten, 5 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

# AdwCleaner v2.005 - Verslag gemaakt op 26/10/2012 om 13:53:49
# Geactualiseerd op 14/10/2012 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruiker : Eigenaar - HILDE
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : D:\Documents and Settings\Eigenaar\Mijn documenten\Downloads\adwcleaner.exe
# Optie [Zoeken]


***** [Diensten] *****

Aanwezig : Browser Manager

***** [Files / Mappen] *****

Map Aanwezig : D:\Documents and Settings\ALEX\Local Settings\Application Data\Conduit
Map Aanwezig : D:\Documents and Settings\All Users\Application Data\Babylon
Map Aanwezig : D:\Documents and Settings\All Users\Application Data\Browser Manager
Map Aanwezig : D:\Documents and Settings\Eigenaar\Application Data\Babylon
Map Aanwezig : D:\Documents and Settings\Eigenaar\Local Settings\Application Data\Conduit
Map Aanwezig : D:\Documents and Settings\Eigenaar\Menu Start\Programma's\Browser Manager

***** [Register] *****

Data Aanwezig : HKLM\..\Windows [AppInit_DLLs] = d:\docume~1\alluse~1\applic~1\browse~1\23765~1.24\{16cdf~1\browse~1.dll
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Aanwezig : HKCU\Software\Conduit
Sleutel Aanwezig : HKCU\Software\DataMngr
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Sleutel Aanwezig : HKCU\Software\SmartBar
Sleutel Aanwezig : HKCU\Software\Softonic
Sleutel Aanwezig : HKLM\Software\Babylon
Sleutel Aanwezig : HKLM\Software\DataMngr
Sleutel Aanwezig : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Waarde Aanwezig : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=115293&tt=101012_24_4112_7&babsrc=HP_ss&mntrId=dc2cdfd500000000000022664165b7a4
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=115293&tt=101012_24_4112_7&babsrc=HP_ss&mntrId=dc2cdfd500000000000022664165b7a4

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : D:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Aanwezig [l.11] : homepage = "hxxp://search.babylon.com/?affID=115293&tt=101012_24_4112_7&babsrc=HP_ss&mntrId=dc2cdfd500000000000022664165b7a4",
Aanwezig [l.1487] : homepage = "hxxp://search.babylon.com/?affID=115293&tt=101012_24_4112_7&babsrc=HP_ss&mntrId=dc2cdfd500000000000022664165b7a4",

File : D:\Documents and Settings\ALEX\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [3185 octets] - [26/10/2012 13:53:49]

########## EOF - D:\AdwCleaner[R1].txt - [3245 octets] ##########

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Eigenaar at 13:56:20 on 2012-10-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.189 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVAST Software\Avast\avastUI.exe
D:\program files\canon\myprinter\bjmyprt.exe
D:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
D:\program files\ati technologies\ati control panel\atiptaxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\program files\messenger\msmsgs.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\WINDOWS\notepad.exe
D:\Program Files\Microsoft Office\Office12\WINWORD.EXE
D:\Documents and Settings\Eigenaar\Mijn documenten\Downloads\adwcleaner.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\System32\svchost.exe -k LocalService
D:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=115293&tt=101012_24_4112_7&babsrc=HP_ss&mntrId=dc2cdfd500000000000022664165b7a4
uWindow Title = Microsoft Internet Explorer aangeboden door Telenet Internet
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - d:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [Wisdom-soft ScreenHunter 6.0 Free] 0
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [avast] "d:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] d:\program files\common files\adobe\arm\1.0\adobearm.exe
mRun: [CanonSolutionMenu] d:\program files\canon\solutionmenu\cnslmain.exe /logon
mRun: [CanonMyPrinter] d:\program files\canon\myprinter\bjmyprt.exe /logon
mRun: [ATIPTA] d:\program files\ati technologies\ati control panel\atiptaxx.exe
mRunOnce: [Malwarebytes Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xporteren naar Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349894763625
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B6B32A64-9506-480A-9381-2FCE9E52AC62} : DHCPNameServer = 192.168.0.1
.
============= SERVICES / DRIVERS ===============
.
R0 viasraid;viasraid;d:\windows\system32\drivers\viasraid.sys [2012-10-7 77312]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2012-10-10 729752]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2012-10-10 355632]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2012-10-10 21256]
R2 avast! Antivirus;avast! Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2012-10-10 44808]
R2 Browser Manager;Browser Manager;d:\documents and settings\all users\application data\browser manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-14 2203160]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files\iobit\advanced systemcare 5\ascservice.exe --> d:\program files\iobit\advanced systemcare 5\ASCService.exe [?]
S2 gupdate;Google Update-service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2012-10-10 136176]
S3 gupdatem;Google Update-service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2012-10-10 136176]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2003-4-8 14336]
.
=============== Created Last 30 ================
.
2012-10-26 11:30:10 22856 ----a-w- d:\windows\system32\drivers\mbam.sys
2012-10-26 11:30:08 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2012-10-26 09:15:31 388096 ----a-r- d:\documents and settings\eigenaar\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-10-26 09:15:30 -------- d-----w- d:\program files\Trend Micro
2012-10-26 09:13:21 -------- d--h--r- d:\documents and settings\eigenaar\Onlangs geopend
2012-10-26 08:11:30 -------- d-----w- d:\documents and settings\eigenaar\application data\Malwarebytes
2012-10-26 08:11:08 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2012-10-24 06:17:31 -------- d-----w- d:\program files\CCleaner
2012-10-24 05:55:07 -------- d-----w- d:\documents and settings\eigenaar\AppData
2012-10-23 18:01:01 -------- d-----w- d:\windows\system32\wbem\repository\FS
2012-10-23 18:01:01 -------- d-----w- d:\windows\system32\wbem\Repository
2012-10-19 05:12:27 -------- d-----w- d:\documents and settings\eigenaar\PrivacIE
2012-10-17 14:40:12 -------- d-----w- d:\windows\system32\winrm
2012-10-17 14:40:12 -------- d-----w- d:\windows\system32\GroupPolicy
2012-10-17 14:40:01 -------- dc-h--w- d:\windows\$968930Uinstall_KB968930$
2012-10-17 14:39:33 14048 ------w- d:\windows\system32\spmsg2.dll
2012-10-15 12:24:34 214256 ----a-w- d:\windows\system32\muweb.dll
2012-10-15 12:24:33 18160 ----a-w- d:\windows\system32\mucltui.dll.mui
2012-10-15 12:24:32 275696 ----a-w- d:\windows\system32\mucltui.dll
2012-10-15 08:38:15 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Temp
2012-10-15 08:38:15 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Adobe
2012-10-14 18:28:08 33104 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2012-10-14 18:28:08 31640 ----a-w- d:\windows\system32\msonpmon.dll
2012-10-14 18:22:48 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Microsoft Help
2012-10-14 12:10:07 -------- d-----w- d:\windows\system32\Extensions
2012-10-14 12:10:04 -------- d-----w- d:\windows\system32\searchplugins
2012-10-14 12:09:46 -------- d-----w- d:\documents and settings\all users\application data\Browser Manager
2012-10-14 12:09:20 -------- d-----w- d:\documents and settings\all users\application data\Babylon
2012-10-14 12:09:19 -------- d-----w- d:\documents and settings\eigenaar\application data\Babylon
2012-10-13 17:04:09 -------- d-----w- d:\windows\system32\XPSViewer
2012-10-13 17:03:34 89088 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-10-13 17:03:14 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-10-13 17:03:14 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-10-13 17:03:14 597504 ------w- d:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-10-13 17:03:14 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2012-10-13 17:03:14 575488 ------w- d:\windows\system32\xpsshhdr.dll
2012-10-13 17:03:14 117760 ------w- d:\windows\system32\prntvpt.dll
2012-10-13 17:03:13 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2012-10-13 17:03:13 1676288 ------w- d:\windows\system32\xpssvcs.dll
2012-10-13 07:10:20 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\NeoSmart_Technologies
2012-10-13 07:00:48 -------- d-----w- d:\program files\NeoSmart Technologies
2012-10-13 06:04:39 -------- d-sh--w- d:\documents and settings\eigenaar\IETldCache
2012-10-13 05:27:18 521728 -c----w- d:\windows\system32\dllcache\jsdbgui.dll
2012-10-13 05:24:53 6144 -c----w- d:\windows\system32\dllcache\iecompat.dll
2012-10-13 05:24:07 -------- d-----w- d:\windows\ie8updates
2012-10-13 05:23:24 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2012-10-13 05:23:21 630272 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2012-10-13 05:23:21 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2012-10-13 05:23:20 2000384 -c----w- d:\windows\system32\dllcache\iertutil.dll
2012-10-13 05:23:19 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2012-10-13 05:23:17 11111424 -c----w- d:\windows\system32\dllcache\ieframe.dll
2012-10-13 05:23:16 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2012-10-13 05:20:49 -------- dc-h--w- d:\windows\ie8
2012-10-12 17:23:05 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Conduit
2012-10-12 17:22:38 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\CRE
2012-10-12 17:14:09 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Wisdom-soft
2012-10-12 17:13:51 -------- d-----w- d:\program files\Wisdom-soft ScreenHunter 6.0 Free
2012-10-12 16:58:23 78336 -c----w- d:\windows\system32\dllcache\browser.dll
2012-10-12 16:58:23 78336 ----a-w- d:\windows\system32\SET464.tmp
2012-10-12 16:58:23 337920 -c----w- d:\windows\system32\dllcache\netapi32.dll
2012-10-12 16:58:23 337920 ----a-w- d:\windows\system32\SET463.tmp
2012-10-12 16:57:49 139784 -c----w- d:\windows\system32\dllcache\rdpwd.sys
2012-10-12 16:57:15 604672 -c----w- d:\windows\system32\dllcache\crypt32.dll
2012-10-12 16:57:15 604672 ----a-w- d:\windows\system32\SET45B.tmp
2012-10-12 16:54:06 347136 -c----w- d:\windows\system32\dllcache\localspl.dll
2012-10-12 16:52:53 1172480 -c----w- d:\windows\system32\dllcache\msxml3.dll
2012-10-12 16:52:53 1172480 ----a-w- d:\windows\system32\SET409.tmp
2012-10-12 16:52:21 152576 ------w- d:\windows\system32\SET405.tmp
2012-10-12 16:51:44 8509952 ------w- d:\windows\system32\SET401.tmp
2012-10-12 16:49:53 1866240 -c----w- d:\windows\system32\dllcache\win32k.sys
2012-10-12 16:49:15 177664 -c----w- d:\windows\system32\dllcache\wintrust.dll
2012-10-12 16:49:15 148480 -c----w- d:\windows\system32\dllcache\imagehlp.dll
2012-10-12 16:48:46 3072 -c----w- d:\windows\system32\dllcache\iacenc.dll
2012-10-12 16:48:46 3072 ------w- d:\windows\system32\iacenc.dll
2012-10-12 16:48:17 293888 ------w- d:\windows\system32\SET3DC.tmp
2012-10-12 16:47:47 23040 -c----w- d:\windows\system32\dllcache\mciseq.dll
2012-10-12 16:47:47 179200 -c----w- d:\windows\system32\dllcache\winmm.dll
2012-10-12 16:47:47 179200 ----a-w- d:\windows\system32\SET3D5.tmp
2012-10-12 16:46:48 354816 -c----w- d:\windows\system32\dllcache\winhttp.dll
2012-10-12 16:46:48 354816 ----a-w- d:\windows\system32\SET3CD.tmp
2012-10-12 16:46:16 386560 -c----w- d:\windows\system32\dllcache\qdvd.dll
2012-10-12 16:45:34 60928 -c----w- d:\windows\system32\dllcache\packager.exe
2012-10-12 16:42:27 1288192 ------w- d:\windows\system32\SET3A1.tmp
2012-10-12 16:39:16 456320 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2012-10-12 16:38:43 10496 -c----w- d:\windows\system32\dllcache\ndistapi.sys
2012-10-12 16:37:59 33280 -c----w- d:\windows\system32\dllcache\csrsrv.dll
2012-10-12 16:37:59 293888 -c----w- d:\windows\system32\dllcache\winsrv.dll
2012-10-12 16:37:10 758784 -c--a-w- d:\windows\system32\dllcache\vgx.dll
2012-10-12 16:36:44 551936 -c----w- d:\windows\system32\dllcache\oleaut32.dll
2012-10-12 16:36:17 105472 -c----w- d:\windows\system32\dllcache\mup.sys
2012-10-12 16:35:49 471552 -c----w- d:\windows\system32\dllcache\aclayers.dll
2012-10-12 16:35:18 45568 -c----w- d:\windows\system32\dllcache\dnsrslvr.dll
2012-10-12 16:35:18 45568 ----a-w- d:\windows\system32\SET342.tmp
2012-10-12 16:35:18 361600 -c----w- d:\windows\system32\dllcache\tcpip.sys
2012-10-12 16:35:18 247296 -c----w- d:\windows\system32\dllcache\mswsock.dll
2012-10-12 16:35:18 247296 ----a-w- d:\windows\system32\SET341.tmp
2012-10-12 16:35:18 149504 -c----w- d:\windows\system32\dllcache\dnsapi.dll
2012-10-12 16:35:18 149504 ----a-w- d:\windows\system32\SET343.tmp
2012-10-12 16:35:18 138496 -c----w- d:\windows\system32\dllcache\afd.sys
2012-10-12 16:34:51 726528 -c--a-w- d:\windows\system32\dllcache\jscript.dll
2012-10-12 16:34:51 512000 ----a-w- d:\windows\system32\SET339.tmp
2012-10-12 16:34:50 420864 -c--a-w- d:\windows\system32\dllcache\vbscript.dll
2012-10-12 16:34:20 290432 -c----w- d:\windows\system32\dllcache\atmfd.dll
2012-10-12 16:33:23 357888 -c----w- d:\windows\system32\dllcache\srv.sys
2012-10-12 16:32:30 677888 -c----w- d:\windows\system32\dllcache\lhmstsc.exe
2012-10-12 16:32:29 2067456 -c----w- d:\windows\system32\dllcache\lhmstscx.dll
2012-10-12 16:32:02 270848 -c----w- d:\windows\system32\dllcache\sbe.dll
2012-10-12 16:32:02 186880 -c----w- d:\windows\system32\dllcache\encdec.dll
2012-10-12 16:31:32 135680 -c----w- d:\windows\system32\dllcache\shsvcs.dll
2012-10-12 16:31:32 135680 ----a-w- d:\windows\system32\SET2FB.tmp
2012-10-12 16:29:55 8509952 -c----w- d:\windows\system32\dllcache\shell32.dll
2012-10-12 16:29:55 441344 -c----w- d:\windows\system32\dllcache\shimgvw.dll
2012-10-12 16:29:30 301568 ------w- d:\windows\system32\SET2D9.tmp
2012-10-12 16:29:02 536576 -c----w- d:\windows\system32\dllcache\msado15.dll
2012-10-12 16:29:02 249856 -c----w- d:\windows\system32\dllcache\odbc32.dll
2012-10-12 16:29:02 249856 ----a-w- d:\windows\system32\SET2B8.tmp
2012-10-12 16:29:02 200704 -c----w- d:\windows\system32\dllcache\msadox.dll
2012-10-12 16:29:02 180224 -c----w- d:\windows\system32\dllcache\msadomd.dll
2012-10-12 16:29:02 143360 -c----w- d:\windows\system32\dllcache\msadco.dll
2012-10-12 16:29:02 102400 -c----w- d:\windows\system32\dllcache\msjro.dll
2012-10-12 16:28:38 40960 -c----w- d:\windows\system32\dllcache\ndproxy.sys
2012-10-12 16:28:16 86016 -c----w- d:\windows\system32\dllcache\isign32.dll
2012-10-12 16:27:52 45568 -c----w- d:\windows\system32\dllcache\wab.exe
2012-10-12 16:27:29 590848 -c----w- d:\windows\system32\dllcache\rpcrt4.dll
2012-10-12 16:27:29 590848 ----a-w- d:\windows\system32\SET2A5.tmp
2012-10-12 16:26:40 978944 -c----w- d:\windows\system32\dllcache\mfc42.dll
2012-10-12 16:26:40 953856 -c----w- d:\windows\system32\dllcache\mfc40u.dll
2012-10-12 16:25:42 617472 -c----w- d:\windows\system32\dllcache\comctl32.dll
2012-10-12 16:25:04 1288192 -c----w- d:\windows\system32\dllcache\ole32.dll
2012-10-12 16:23:53 58880 -c----w- d:\windows\system32\dllcache\spoolsv.exe
2012-10-12 16:23:53 58880 ----a-w- d:\windows\system32\SET273.tmp
2012-10-12 16:23:25 406016 -c----w- d:\windows\system32\dllcache\usp10.dll
2012-10-12 16:23:25 406016 ----a-w- d:\windows\system32\SET26B.tmp
2012-10-12 16:22:59 3558912 -c----w- d:\windows\system32\dllcache\moviemk.exe
2012-10-12 16:21:47 744448 -c----w- d:\windows\system32\dllcache\helpsvc.exe
2012-10-12 16:21:22 65536 -c----w- d:\windows\system32\dllcache\asycfilt.dll
2012-10-12 16:20:36 692736 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2012-10-12 16:20:18 293376 ------w- d:\windows\system32\browserchoice.exe
2012-10-12 16:19:52 226880 -c----w- d:\windows\system32\dllcache\tcpip6.sys
2012-10-12 16:19:52 100864 -c----w- d:\windows\system32\dllcache\6to4svc.dll
2012-10-12 16:19:35 87040 -c----w- d:\windows\system32\dllcache\cabview.dll
2012-10-12 16:18:59 345600 -c----w- d:\windows\system32\dllcache\mspaint.exe
2012-10-12 16:18:36 8704 -c----w- d:\windows\system32\dllcache\tsbyuv.dll
2012-10-12 16:18:36 85504 -c----w- d:\windows\system32\dllcache\avifil32.dll
2012-10-12 16:18:36 48128 -c----w- d:\windows\system32\dllcache\iyuv_32.dll
2012-10-12 16:18:36 11264 -c----w- d:\windows\system32\dllcache\msrle32.dll
2012-10-12 16:18:14 17920 -c----w- d:\windows\system32\dllcache\msyuv.dll
2012-10-12 16:18:13 1296384 -c----w- d:\windows\system32\dllcache\quartz.dll
2012-10-12 16:17:56 474624 -c----w- d:\windows\system32\dllcache\shlwapi.dll
2012-10-12 16:17:56 474624 ----a-w- d:\windows\system32\SET207.tmp
2012-10-12 16:17:37 81920 -c----w- d:\windows\system32\dllcache\fontsub.dll
2012-10-12 16:17:37 119808 -c----w- d:\windows\system32\dllcache\t2embed.dll
2012-10-12 16:16:44 270848 -c----w- d:\windows\system32\dllcache\oakley.dll
2012-10-12 16:16:44 270848 ----a-w- d:\windows\system32\SET1E5.tmp
2012-10-12 16:16:27 79872 -c----w- d:\windows\system32\dllcache\raschap.dll
2012-10-12 16:16:27 79872 ----a-w- d:\windows\system32\SET1DF.tmp
2012-10-12 16:16:27 150016 -c----w- d:\windows\system32\dllcache\rastls.dll
2012-10-12 16:16:27 150016 ----a-w- d:\windows\system32\SET1DE.tmp
2012-10-12 16:14:59 58880 -c----w- d:\windows\system32\dllcache\msasn1.dll
2012-10-12 16:14:59 58880 ----a-w- d:\windows\system32\SET1B6.tmp
2012-10-12 16:14:16 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2012-10-12 16:14:02 132096 -c----w- d:\windows\system32\dllcache\wkssvc.dll
2012-10-12 16:13:47 205312 -c----w- d:\windows\system32\dllcache\mswebdvd.dll
2012-10-12 16:13:31 79872 -c----w- d:\windows\system32\dllcache\telnet.exe
2012-10-12 16:13:13 58880 -c----w- d:\windows\system32\dllcache\atl.dll
2012-10-12 16:13:13 58880 ----a-w- d:\windows\system32\SET19C.tmp
2012-10-12 16:10:40 331776 -c----w- d:\windows\system32\dllcache\msadce.dll
2012-10-12 16:10:09 272640 -c----w- d:\windows\system32\dllcache\bthport.sys
2012-10-12 16:09:50 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2012-10-12 16:09:39 -------- d-----w- d:\windows\system32\PreInstall
2012-10-12 16:09:31 -------- d--h--w- d:\windows\$hf_mig$
2012-10-12 15:56:50 24088 ----a-w- d:\windows\system32\wucltui.dll.mui
2012-10-12 15:56:50 -------- d-----w- d:\windows\system32\SoftwareDistribution
2012-10-12 15:56:49 18456 ----a-w- d:\windows\system32\wuaueng.dll.mui
2012-10-12 15:56:48 15896 ----a-w- d:\windows\system32\wuaucpl.cpl.mui
2012-10-12 15:56:47 15896 ----a-w- d:\windows\system32\wuapi.dll.mui
2012-10-12 15:55:45 22400 ----a-w- d:\windows\system32\RegistryDefragBootTime.exe
2012-10-12 15:48:04 -------- d-----w- d:\documents and settings\all users\application data\IObit
2012-10-12 15:47:48 -------- d-----w- d:\documents and settings\eigenaar\application data\IObit
2012-10-12 15:47:31 -------- d-----w- d:\program files\IObit
2012-10-10 19:21:14 729752 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2012-10-10 19:20:21 41224 ----a-w- d:\windows\avastSS.scr
2012-10-10 19:19:55 -------- d-----w- d:\program files\AVAST Software
2012-10-10 19:19:55 -------- d-----w- d:\documents and settings\all users\application data\AVAST Software
2012-10-10 19:05:59 7168 ------w- d:\windows\system32\bitsprx4.dll
2012-10-10 19:03:55 8192 -c----w- d:\windows\system32\dllcache\asferror.dll
2012-10-10 19:02:21 -------- d-----w- d:\windows\network diagnostic
2012-10-10 19:02:20 144384 ------w- d:\windows\system32\drivers\hdaudbus.sys
2012-10-10 19:02:19 10240 ------w- d:\windows\system32\drivers\sffp_mmc.sys
2012-10-10 18:40:05 -------- d-----w- d:\windows\system32\wbem\AutoRecover
2012-10-10 18:31:03 -------- d-----w- d:\windows\ServicePackFiles
2012-10-10 18:27:51 26144 ----a-w- d:\windows\system32\spupdsvc.exe
2012-10-10 18:25:51 -------- d-----w- d:\windows\EHome
2012-10-10 17:47:12 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Identities
2012-10-10 17:34:24 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Google
2012-10-08 10:22:49 -------- d-sh--w- D:\$RECYCLE.BIN
2012-10-07 15:51:53 159744 ----a-r- d:\windows\system32\drivers\Fasttx2k.sys
2012-10-07 15:51:53 118784 ----a-r- d:\windows\system32\ptipbmf.dll
2012-10-07 14:17:07 -------- d-sh--w- d:\documents and settings\eigenaar\UserData
2012-10-07 13:57:16 -------- d--h--w- d:\documents and settings\all users\application data\CanonIJSolutionMenu
2012-10-07 13:57:13 -------- d--h--w- d:\documents and settings\all users\application data\CanonIJMyPrinter
2012-10-07 13:56:58 -------- d-----w- d:\documents and settings\all users\application data\CanonIJPLM
2012-10-07 13:55:39 303104 ----a-w- d:\windows\system32\CNC550L.dll
2012-10-07 13:55:39 110592 ----a-w- d:\windows\system32\CNC550I.dll
2012-10-07 13:55:38 15872 ----a-w- d:\windows\system32\CNHMCA.dll
2012-10-07 13:55:38 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2012-10-07 13:55:38 1310720 ----a-w- d:\windows\system32\CNC550C.dll
2012-10-07 13:55:38 106496 ----a-w- d:\windows\system32\CNC550U.dll
2012-10-07 13:55:01 -------- d-----w- d:\program files\common files\CANON
2012-10-07 13:52:36 70656 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\CNMPP9Z.DLL
2012-10-07 13:52:36 27648 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\CNMPD9Z.DLL
2012-10-07 13:52:35 272384 ----a-w- d:\windows\system32\CNMLM9Z.DLL
2012-10-07 13:52:28 90112 ----a-w- d:\windows\system32\CNC550O.dll
2012-10-07 13:52:25 178176 ----a-w- d:\windows\system32\CNMIU9Z.DLL
2012-10-07 13:51:38 -------- d-----w- d:\program files\Canon
2012-10-07 13:18:42 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
2012-10-07 13:18:32 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys
.
==================== Find3M ====================
.
2012-10-07 11:36:45 44 ----a-w- d:\windows\system32\msssc.dll
2012-08-30 20:33:49 670208 ----a-w- d:\windows\system32\SET424.tmp
2012-08-30 20:33:49 628736 ----a-w- d:\windows\system32\SET425.tmp
2012-08-30 20:33:49 37888 ----a-w- d:\windows\system32\SET426.tmp
2012-08-30 20:33:49 1510400 ----a-w- d:\windows\system32\SET428.tmp
2012-08-30 20:33:48 3109888 ----a-w- d:\windows\system32\SET42B.tmp
2012-08-30 20:33:47 1025024 ----a-w- d:\windows\system32\SET42D.tmp
2012-08-28 15:17:28 916992 ----a-w- d:\windows\system32\wininet.dll
2012-08-28 15:17:20 43520 ------w- d:\windows\system32\licmgr10.dll
2012-08-28 15:17:19 1469440 ------w- d:\windows\system32\inetcpl.cpl
2012-08-28 12:07:32 385024 ------w- d:\windows\system32\html.iec
2012-08-24 13:53:52 177664 ----a-w- d:\windows\system32\wintrust.dll
2012-08-24 13:53:52 177664 ------w- d:\windows\system32\SET448.tmp
2012-08-23 06:27:36 2197248 ----a-w- d:\windows\system32\ntoskrnl.exe
2012-08-23 06:27:36 2073984 ----a-w- d:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 13:57:10,37 ===========

EvelineGirl
26 October 2012, 14:20
Hi,

1.
Close all open windows and start AdwCleaner again.
Vista and Windows 7 users: right-click AdwCleaner and select Run as administrator...
For XP: simply double-click AdwCleaner.
Then click Verwijderen (Delete).
At AdwCleaner – Informatie (Information), click OK.
At AdwCleaner – Herstarten Noodzakelijk (Restart Required), click OK.
After the restart, post the log you received.

2.
Post a new DDS log so it can be checked.

lex11
26 October 2012, 14:43
# AdwCleaner v2.005 - Verslag gemaakt op 26/10/2012 om 14:37:22
# Geactualiseerd op 14/10/2012 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruiker : Eigenaar - HILDE
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : D:\Documents and Settings\Eigenaar\Mijn documenten\Downloads\adwcleaner.exe
# Optie [Verwijderen]




***** [Diensten] *****




***** [Files / Mappen] *****


Verwijdert bij het opstarten : D:\Documents and Settings\All Users\Application Data\Browser Manager


***** [Register] *****


Data Verwijdert : HKLM\..\Windows [AppInit_DLLs] = d:\docume~1\alluse~1\applic~1\browse~1\23765~1.24\{16cdf~1\browse~1.dll
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings


***** [Browsers] *****


-\\ Internet Explorer v8.0.6001.18702


[OK] Het register bevat geen enkele ongeoorloofde invoer.


-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]


File : D:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences


[OK] De file bevat geen enkele ongeoorloofde invoer.


File : D:\Documents and Settings\ALEX\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences


[OK] De file bevat geen enkele ongeoorloofde invoer.


*************************


AdwCleaner[R1].txt - [3314 octets] - [26/10/2012 13:53:49]
AdwCleaner[R2].txt - [3374 octets] - [26/10/2012 13:54:06]
AdwCleaner[R3].txt - [3438 octets] - [26/10/2012 14:27:46]
AdwCleaner[S2].txt - [3509 octets] - [26/10/2012 14:29:58]
AdwCleaner[S3].txt - [1582 octets] - [26/10/2012 14:37:22]


########## EOF - D:\AdwCleaner[S3].txt - [1642 octets] ##########

EvelineGirl
26 October 2012, 15:16
Now just a new DDS log, please.

lex11
26 October 2012, 15:25
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Eigenaar at 15:23:53 on 2012-10-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.127 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVAST Software\Avast\avastUI.exe
D:\program files\canon\myprinter\bjmyprt.exe
D:\program files\ati technologies\ati control panel\atiptaxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\program files\messenger\msmsgs.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\System32\svchost.exe -k LocalService
D:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer aangeboden door Telenet Internet
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - d:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [Wisdom-soft ScreenHunter 6.0 Free] 0
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [avast] "d:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] d:\program files\common files\adobe\arm\1.0\adobearm.exe
mRun: [CanonSolutionMenu] d:\program files\canon\solutionmenu\cnslmain.exe /logon
mRun: [CanonMyPrinter] d:\program files\canon\myprinter\bjmyprt.exe /logon
mRun: [ATIPTA] d:\program files\ati technologies\ati control panel\atiptaxx.exe
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xporteren naar Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349894763625
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B6B32A64-9506-480A-9381-2FCE9E52AC62} : DHCPNameServer = 192.168.0.1
.
============= SERVICES / DRIVERS ===============
.
R0 viasraid;viasraid;d:\windows\system32\drivers\viasraid.sys [2012-10-7 77312]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2012-10-10 729752]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2012-10-10 355632]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2012-10-10 21256]
R2 avast! Antivirus;avast! Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2012-10-10 44808]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files\iobit\advanced systemcare 5\ascservice.exe --> d:\program files\iobit\advanced systemcare 5\ASCService.exe [?]
S2 gupdate;Google Update-service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2012-10-10 136176]
S3 gupdatem;Google Update-service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2012-10-10 136176]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2003-4-8 14336]
.
=============== Created Last 30 ================
.
2012-10-26 13:23:35 -------- d--h--w- d:\windows\PIF
2012-10-26 11:30:10 22856 ----a-w- d:\windows\system32\drivers\mbam.sys
2012-10-26 11:30:08 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2012-10-26 09:15:31 388096 ----a-r- d:\documents and settings\eigenaar\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-10-26 09:15:30 -------- d-----w- d:\program files\Trend Micro
2012-10-26 09:13:21 -------- d--h--r- d:\documents and settings\eigenaar\Onlangs geopend
2012-10-26 08:11:30 -------- d-----w- d:\documents and settings\eigenaar\application data\Malwarebytes
2012-10-26 08:11:08 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2012-10-24 06:17:31 -------- d-----w- d:\program files\CCleaner
2012-10-24 05:55:07 -------- d-----w- d:\documents and settings\eigenaar\AppData
2012-10-23 18:01:01 -------- d-----w- d:\windows\system32\wbem\repository\FS
2012-10-23 18:01:01 -------- d-----w- d:\windows\system32\wbem\Repository
2012-10-19 05:12:27 -------- d-----w- d:\documents and settings\eigenaar\PrivacIE
2012-10-17 14:40:12 -------- d-----w- d:\windows\system32\winrm
2012-10-17 14:40:12 -------- d-----w- d:\windows\system32\GroupPolicy
2012-10-17 14:40:01 -------- dc-h--w- d:\windows\$968930Uinstall_KB968930$
2012-10-17 14:39:33 14048 ------w- d:\windows\system32\spmsg2.dll
2012-10-15 12:24:34 214256 ----a-w- d:\windows\system32\muweb.dll
2012-10-15 12:24:33 18160 ----a-w- d:\windows\system32\mucltui.dll.mui
2012-10-15 12:24:32 275696 ----a-w- d:\windows\system32\mucltui.dll
2012-10-15 08:38:15 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Temp
2012-10-15 08:38:15 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Adobe
2012-10-14 18:28:08 33104 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2012-10-14 18:28:08 31640 ----a-w- d:\windows\system32\msonpmon.dll
2012-10-14 18:22:48 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Microsoft Help
2012-10-14 12:10:07 -------- d-----w- d:\windows\system32\Extensions
2012-10-14 12:10:04 -------- d-----w- d:\windows\system32\searchplugins
2012-10-13 17:04:09 -------- d-----w- d:\windows\system32\XPSViewer
2012-10-13 17:03:34 89088 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-10-13 17:03:14 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-10-13 17:03:14 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-10-13 17:03:14 597504 ------w- d:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-10-13 17:03:14 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2012-10-13 17:03:14 575488 ------w- d:\windows\system32\xpsshhdr.dll
2012-10-13 17:03:14 117760 ------w- d:\windows\system32\prntvpt.dll
2012-10-13 17:03:13 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2012-10-13 17:03:13 1676288 ------w- d:\windows\system32\xpssvcs.dll
2012-10-13 07:10:20 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\NeoSmart_Technologies
2012-10-13 07:00:48 -------- d-----w- d:\program files\NeoSmart Technologies
2012-10-13 06:04:39 -------- d-sh--w- d:\documents and settings\eigenaar\IETldCache
2012-10-13 05:27:18 521728 -c----w- d:\windows\system32\dllcache\jsdbgui.dll
2012-10-13 05:24:53 6144 -c----w- d:\windows\system32\dllcache\iecompat.dll
2012-10-13 05:24:07 -------- d-----w- d:\windows\ie8updates
2012-10-13 05:23:24 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2012-10-13 05:23:21 630272 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2012-10-13 05:23:21 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2012-10-13 05:23:20 2000384 -c----w- d:\windows\system32\dllcache\iertutil.dll
2012-10-13 05:23:19 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2012-10-13 05:23:17 11111424 -c----w- d:\windows\system32\dllcache\ieframe.dll
2012-10-13 05:23:16 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2012-10-13 05:20:49 -------- dc-h--w- d:\windows\ie8
2012-10-12 17:22:38 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\CRE
2012-10-12 17:14:09 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Wisdom-soft
2012-10-12 17:13:51 -------- d-----w- d:\program files\Wisdom-soft ScreenHunter 6.0 Free
2012-10-12 16:58:23 78336 -c----w- d:\windows\system32\dllcache\browser.dll
2012-10-12 16:58:23 78336 ----a-w- d:\windows\system32\SET464.tmp
2012-10-12 16:58:23 337920 -c----w- d:\windows\system32\dllcache\netapi32.dll
2012-10-12 16:58:23 337920 ----a-w- d:\windows\system32\SET463.tmp
2012-10-12 16:57:49 139784 -c----w- d:\windows\system32\dllcache\rdpwd.sys
2012-10-12 16:57:15 604672 -c----w- d:\windows\system32\dllcache\crypt32.dll
2012-10-12 16:57:15 604672 ----a-w- d:\windows\system32\SET45B.tmp
2012-10-12 16:54:06 347136 -c----w- d:\windows\system32\dllcache\localspl.dll
2012-10-12 16:52:53 1172480 -c----w- d:\windows\system32\dllcache\msxml3.dll
2012-10-12 16:52:53 1172480 ----a-w- d:\windows\system32\SET409.tmp
2012-10-12 16:52:21 152576 ------w- d:\windows\system32\SET405.tmp
2012-10-12 16:51:44 8509952 ------w- d:\windows\system32\SET401.tmp
2012-10-12 16:49:53 1866240 -c----w- d:\windows\system32\dllcache\win32k.sys
2012-10-12 16:49:15 177664 -c----w- d:\windows\system32\dllcache\wintrust.dll
2012-10-12 16:49:15 148480 -c----w- d:\windows\system32\dllcache\imagehlp.dll
2012-10-12 16:48:46 3072 -c----w- d:\windows\system32\dllcache\iacenc.dll
2012-10-12 16:48:46 3072 ------w- d:\windows\system32\iacenc.dll
2012-10-12 16:48:17 293888 ------w- d:\windows\system32\SET3DC.tmp
2012-10-12 16:47:47 23040 -c----w- d:\windows\system32\dllcache\mciseq.dll
2012-10-12 16:47:47 179200 -c----w- d:\windows\system32\dllcache\winmm.dll
2012-10-12 16:47:47 179200 ----a-w- d:\windows\system32\SET3D5.tmp
2012-10-12 16:46:48 354816 -c----w- d:\windows\system32\dllcache\winhttp.dll
2012-10-12 16:46:48 354816 ----a-w- d:\windows\system32\SET3CD.tmp
2012-10-12 16:46:16 386560 -c----w- d:\windows\system32\dllcache\qdvd.dll
2012-10-12 16:45:34 60928 -c----w- d:\windows\system32\dllcache\packager.exe
2012-10-12 16:42:27 1288192 ------w- d:\windows\system32\SET3A1.tmp
2012-10-12 16:39:16 456320 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2012-10-12 16:38:43 10496 -c----w- d:\windows\system32\dllcache\ndistapi.sys
2012-10-12 16:37:59 33280 -c----w- d:\windows\system32\dllcache\csrsrv.dll
2012-10-12 16:37:59 293888 -c----w- d:\windows\system32\dllcache\winsrv.dll
2012-10-12 16:37:10 758784 -c--a-w- d:\windows\system32\dllcache\vgx.dll
2012-10-12 16:36:44 551936 -c----w- d:\windows\system32\dllcache\oleaut32.dll
2012-10-12 16:36:17 105472 -c----w- d:\windows\system32\dllcache\mup.sys
2012-10-12 16:35:49 471552 -c----w- d:\windows\system32\dllcache\aclayers.dll
2012-10-12 16:35:18 45568 -c----w- d:\windows\system32\dllcache\dnsrslvr.dll
2012-10-12 16:35:18 45568 ----a-w- d:\windows\system32\SET342.tmp
2012-10-12 16:35:18 361600 -c----w- d:\windows\system32\dllcache\tcpip.sys
2012-10-12 16:35:18 247296 -c----w- d:\windows\system32\dllcache\mswsock.dll
2012-10-12 16:35:18 247296 ----a-w- d:\windows\system32\SET341.tmp
2012-10-12 16:35:18 149504 -c----w- d:\windows\system32\dllcache\dnsapi.dll
2012-10-12 16:35:18 149504 ----a-w- d:\windows\system32\SET343.tmp
.
==================== Find3M ====================
.
2012-10-07 11:36:45 44 ----a-w- d:\windows\system32\msssc.dll
2012-08-30 20:33:49 670208 ----a-w- d:\windows\system32\SET424.tmp
2012-08-30 20:33:49 628736 ----a-w- d:\windows\system32\SET425.tmp
2012-08-30 20:33:49 37888 ----a-w- d:\windows\system32\SET426.tmp
2012-08-30 20:33:49 1510400 ----a-w- d:\windows\system32\SET428.tmp
2012-08-30 20:33:48 3109888 ----a-w- d:\windows\system32\SET42B.tmp
2012-08-30 20:33:47 1025024 ----a-w- d:\windows\system32\SET42D.tmp
2012-08-28 15:17:28 916992 ----a-w- d:\windows\system32\wininet.dll
2012-08-28 15:17:20 43520 ------w- d:\windows\system32\licmgr10.dll
2012-08-28 15:17:19 1469440 ------w- d:\windows\system32\inetcpl.cpl
2012-08-28 12:07:32 385024 ------w- d:\windows\system32\html.iec
2012-08-24 13:53:52 177664 ----a-w- d:\windows\system32\wintrust.dll
2012-08-24 13:53:52 177664 ------w- d:\windows\system32\SET448.tmp
2012-08-23 06:27:36 2197248 ----a-w- d:\windows\system32\ntoskrnl.exe
2012-08-23 06:27:36 2073984 ----a-w- d:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 15:24:40,54 ===============

EvelineGirl
26 October 2012, 16:20
Hi,

That should already make a big difference, I think, but we are not quite there yet.

1.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how ComboFix should be used.
1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.
* (here (http://www.bleepingcomputer.com/forums/topic114351.html) or here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) is a guide on how to disable them)
2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.
* Note !!! If an error is shown with the message "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering" or "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.
5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt or c:/combofix/combofix.txt) in your next post.

lex11
26 October 2012, 17:58
ComboFix 12-10-26.03 - Eigenaar 26/10/2012 17:39:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.128 [GMT 2:00]
Gestart vanuit: D:\Documents and Settings\Eigenaar\Mijn documenten\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}




(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))




D:\Documents and Settings\Eigenaar\WINDOWS
D:\WINDOWS\system32\_000006_.tmp.dll
D:\WINDOWS\system32\_000007_.tmp.dll
D:\WINDOWS\system32\_000008_.tmp.dll
D:\WINDOWS\system32\_000009_.tmp.dll
D:\WINDOWS\system32\_000010_.tmp.dll
D:\WINDOWS\system32\_000011_.tmp.dll
D:\WINDOWS\system32\_000015_.tmp.dll
D:\WINDOWS\system32\_000019_.tmp.dll
D:\WINDOWS\system32\_000020_.tmp.dll
D:\WINDOWS\system32\_000021_.tmp.dll
D:\WINDOWS\system32\_000022_.tmp.dll
D:\WINDOWS\system32\dllcache\wmpvis.dll
D:\WINDOWS\system32\drivers\etc\hosts.ics
D:\WINDOWS\system32\msssc.dll
D:\WINDOWS\system32\SET166.tmp
D:\WINDOWS\system32\SET19C.tmp
D:\WINDOWS\system32\SET1B6.tmp
D:\WINDOWS\system32\SET1C4.tmp
D:\WINDOWS\system32\SET1C5.tmp
D:\WINDOWS\system32\SET1C7.tmp
D:\WINDOWS\system32\SET1DE.tmp
D:\WINDOWS\system32\SET1DF.tmp
D:\WINDOWS\system32\SET1E5.tmp
D:\WINDOWS\system32\SET207.tmp
D:\WINDOWS\system32\SET246.tmp
D:\WINDOWS\system32\SET26B.tmp
D:\WINDOWS\system32\SET273.tmp
D:\WINDOWS\system32\SET2A5.tmp
D:\WINDOWS\system32\SET2B8.tmp
D:\WINDOWS\system32\SET2D9.tmp
D:\WINDOWS\system32\SET2FB.tmp
D:\WINDOWS\system32\SET314.tmp
D:\WINDOWS\system32\SET339.tmp
D:\WINDOWS\system32\SET341.tmp
D:\WINDOWS\system32\SET342.tmp
D:\WINDOWS\system32\SET343.tmp
D:\WINDOWS\system32\SET397.tmp
D:\WINDOWS\system32\SET398.tmp
D:\WINDOWS\system32\SET399.tmp
D:\WINDOWS\system32\SET3A1.tmp
D:\WINDOWS\system32\SET3CD.tmp
D:\WINDOWS\system32\SET3D5.tmp
D:\WINDOWS\system32\SET3DC.tmp
D:\WINDOWS\system32\SET401.tmp
D:\WINDOWS\system32\SET405.tmp
D:\WINDOWS\system32\SET409.tmp
D:\WINDOWS\system32\SET424.tmp
D:\WINDOWS\system32\SET425.tmp
D:\WINDOWS\system32\SET426.tmp
D:\WINDOWS\system32\SET428.tmp
D:\WINDOWS\system32\SET42B.tmp
D:\WINDOWS\system32\SET42D.tmp
D:\WINDOWS\system32\SET448.tmp
D:\WINDOWS\system32\SET45B.tmp
D:\WINDOWS\system32\SET463.tmp
D:\WINDOWS\system32\SET464.tmp


Besmet exemplaar van D:\WINDOWS\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - D:\WINDOWS\ServicePackFiles\i386\userinit.exe




(((((((((((((((((((( Bestanden Gemaakt van 2012-09-26 to 2012-10-26 ))))))))))))))))))))))))))))))




2012-10-14 18:21:34 . 2012-10-14 18:21:34 -------- d-----r- D:\MSOCache
.




((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))


2012-08-28 15:17:28 . 2003-04-08 12:00:00 916992 ----a-w- D:\WINDOWS\system32\wininet.dll
2012-08-28 15:17:20 . 2003-04-08 12:00:00 43520 ------w- D:\WINDOWS\system32\licmgr10.dll
2012-08-28 15:17:19 . 2003-04-08 12:00:00 1469440 ------w- D:\WINDOWS\system32\inetcpl.cpl
2012-08-24 13:53:52 . 2003-04-08 12:00:00 177664 ----a-w- D:\WINDOWS\system32\wintrust.dll
2012-08-23 06:27:36 . 2003-04-08 12:00:00 2197248 ----a-w- D:\WINDOWS\system32\ntoskrnl.exe
2012-08-23 06:27:36 . 2002-09-09 13:17:46 2073984 ----a-w- D:\WINDOWS\system32\ntkrnlpa.exe




((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))




*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12:09 121528 ----a-w- D:\Program Files\AVAST Software\Avast\ashShell.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 6.0 Free"="0" [X]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-10 19:23:00 39408]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 07:06:56 118784]
"avast"="D:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-08-21 09:12:26 4282728]
"Adobe ARM"="d:\program files\common files\adobe\arm\1.0\adobearm.exe" [2012-07-27 20:51:26 919008]
"CanonSolutionMenu"="d:\program files\canon\solutionmenu\cnslmain.exe" [2009-03-18 00:40:00 767312]
"CanonMyPrinter"="d:\program files\canon\myprinter\bjmyprt.exe" [2009-07-27 02:10:00 1983816]
"ATIPTA"="d:\program files\ati technologies\ati control panel\atiptaxx.exe" [2003-06-25 13:30:00 335872]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 20:32:54 15360]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management


R0 viasraid;viasraid;D:\WINDOWS\system32\drivers\viasraid.sys [7/10/2012 13:36:31 77312]
R1 aswSnx;aswSnx;D:\WINDOWS\system32\drivers\aswSnx.sys [10/10/2012 21:21:14 729752]
R1 aswSP;aswSP;D:\WINDOWS\system32\drivers\aswSP.sys [10/10/2012 21:21:17 355632]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\drivers\aswFsBlk.sys [10/10/2012 21:21:18 21256]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;D:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe --> D:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [?]
S2 gupdate;Google Update-service (gupdate);D:\Program Files\Google\Update\GoogleUpdate.exe [10/10/2012 21:21:22 136176]
S3 gupdatem;Google Update-service (gupdatem);D:\Program Files\Google\Update\GoogleUpdate.exe [10/10/2012 21:21:22 136176]


--- Andere Services/Drivers In Geheugen ---


*NewlyCreated* - WS2IFSL


Inhoud van de 'Gedeelde Taken' map


2012-10-26 D:\WINDOWS\Tasks\avast! Emergency Update.job
- D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-10 19:20:14 . 2012-08-21 09:12:25]


2012-10-26 D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- D:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-10 19:21:22 . 2012-10-10 19:21:21]


2012-10-26 D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- D:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-10 19:21:22 . 2012-10-10 19:21:21]


2012-10-25 D:\WINDOWS\Tasks\User_Feed_Synchronization-{522EE3EE-FD45-42E1-AA2C-ADA2825DEFF1}.job
- D:\WINDOWS\system32\msfeedssync.exe [2009-03-08 02:31:54 . 2009-03-08 02:31:54]




------- Bijkomende Scan -------


uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1




**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-26 17:48:30
Windows 5.1.2600 Service Pack 3 NTFS


scannen van verborgen processen ...


scannen van verborgen autostart items ...


scannen van verborgen bestanden ...


Scan succesvol afgerond
verborgen bestanden: 0


**************************************************************************


--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="D?\\WINDOWS\\System32\\FM20ENU.DLL"


--------------------- DLLs Geladen Onder Lopende Processen ---------------------


- - - - - - - > 'explorer.exe'(2728)
D:\WINDOWS\system32\webcheck.dll

EvelineGirl
26 October 2012, 19:32
Hi,

Gestart vanuit: D:\Documents and Settings\Eigenaar\Mijn documenten\Downloads

The instructions I gave you clearly stated that you had to put ComboFix on the desktop.
Move ComboFix to the desktop (you do not need to run it again).

How are things now?

lex11
27 October 2012, 08:51
It is faster, but not yet as fast as it used to be.
Could it have to do with the Windows 7 installation?
What was the problem so far, actually? Did I pick up malware while downloading Service Pack 2 and 3?
Many thanks in advance for your time and effort!!
Regards

EvelineGirl
29 October 2012, 08:47
A lot of unwanted junk was brought in, in the form of toolbars; these often come along with downloaded software.

Next, Next, Volgende.
Also have a read through this: http://www.minatica.be/content/2723-Next-Next-Volgende

And a Windows file was infected, namely userinit.exe, and it has been replaced by ComboFix.
Beyond that it is hard to say what else is causing the slowness, but there are still a few things we can try to change about that.

Would you first give me a new DDS log?
Do you know how much RAM is in the computer?

lex11
29 October 2012, 17:30
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Eigenaar at 16:25:15 on 2012-10-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.119 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
D:\Program Files\AVAST Software\Avast\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVAST Software\Avast\avastUI.exe
D:\program files\canon\myprinter\bjmyprt.exe
D:\program files\ati technologies\ati control panel\atiptaxx.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
D:\WINDOWS\system32\svchost.exe -k rpcss
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k netsvcs
D:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - d:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Wisdom-soft ScreenHunter 6.0 Free] 0
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [avast] "d:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] d:\program files\common files\adobe\arm\1.0\adobearm.exe
mRun: [CanonSolutionMenu] d:\program files\canon\solutionmenu\cnslmain.exe /logon
mRun: [CanonMyPrinter] d:\program files\canon\myprinter\bjmyprt.exe /logon
mRun: [ATIPTA] d:\program files\ati technologies\ati control panel\atiptaxx.exe
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xporteren naar Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349894763625
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B6B32A64-9506-480A-9381-2FCE9E52AC62} : DHCPNameServer = 192.168.0.1
.
============= SERVICES / DRIVERS ===============
.
R0 viasraid;viasraid;d:\windows\system32\drivers\viasraid.sys [2012-10-7 77312]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2012-10-10 729752]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2012-10-10 355632]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2012-10-10 21256]
R2 avast! Antivirus;avast! Antivirus;d:\program files\avast software\avast\AvastSvc.exe [2012-10-10 44808]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files\iobit\advanced systemcare 5\ascservice.exe --> d:\program files\iobit\advanced systemcare 5\ASCService.exe [?]
S2 gupdate;Google Update-service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2012-10-10 136176]
S3 gupdatem;Google Update-service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2012-10-10 136176]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2003-4-8 14336]
.
=============== Created Last 30 ================
.
2012-10-29 15:23:33 -------- d--h--r- d:\documents and settings\eigenaar\Onlangs geopend
2012-10-29 08:55:08 -------- d-----w- d:\documents and settings\all users\application data\tmp
2012-10-29 08:55:05 -------- d-----w- d:\documents and settings\all users\application data\hps
2012-10-29 08:36:43 -------- d-----w- d:\program files\ALDI Foto Service
2012-10-26 15:13:48 98816 ----a-w- d:\windows\sed.exe
2012-10-26 15:13:48 256000 ----a-w- d:\windows\PEV.exe
2012-10-26 15:13:48 208896 ----a-w- d:\windows\MBR.exe
2012-10-26 13:23:35 -------- d--h--w- d:\windows\PIF
2012-10-26 09:15:30 -------- d-----w- d:\program files\Trend Micro
2012-10-26 08:11:30 -------- d-----w- d:\documents and settings\eigenaar\application data\Malwarebytes
2012-10-26 08:11:08 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2012-10-24 06:17:31 -------- d-----w- d:\program files\CCleaner
2012-10-24 05:55:07 -------- d-----w- d:\documents and settings\eigenaar\AppData
2012-10-23 18:01:01 -------- d-----w- d:\windows\system32\wbem\repository\FS
2012-10-23 18:01:01 -------- d-----w- d:\windows\system32\wbem\Repository
2012-10-19 05:12:27 -------- d-----w- d:\documents and settings\eigenaar\PrivacIE
2012-10-17 14:40:12 -------- d-----w- d:\windows\system32\winrm
2012-10-17 14:40:12 -------- d-----w- d:\windows\system32\GroupPolicy
2012-10-17 14:40:01 -------- dc-h--w- d:\windows\$968930Uinstall_KB968930$
2012-10-17 14:39:33 14048 ------w- d:\windows\system32\spmsg2.dll
2012-10-15 12:24:34 214256 ----a-w- d:\windows\system32\muweb.dll
2012-10-15 12:24:33 18160 ----a-w- d:\windows\system32\mucltui.dll.mui
2012-10-15 12:24:32 275696 ----a-w- d:\windows\system32\mucltui.dll
2012-10-15 08:38:15 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Temp
2012-10-15 08:38:15 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Adobe
2012-10-14 18:28:08 33104 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2012-10-14 18:28:08 31640 ----a-w- d:\windows\system32\msonpmon.dll
2012-10-14 18:22:48 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Microsoft Help
2012-10-14 12:10:07 -------- d-----w- d:\windows\system32\Extensions
2012-10-14 12:10:04 -------- d-----w- d:\windows\system32\searchplugins
2012-10-13 17:04:09 -------- d-----w- d:\windows\system32\XPSViewer
2012-10-13 17:03:34 89088 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-10-13 17:03:14 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-10-13 17:03:14 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-10-13 17:03:14 597504 ------w- d:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-10-13 17:03:14 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2012-10-13 17:03:14 575488 ------w- d:\windows\system32\xpsshhdr.dll
2012-10-13 17:03:14 117760 ------w- d:\windows\system32\prntvpt.dll
2012-10-13 17:03:13 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2012-10-13 17:03:13 1676288 ------w- d:\windows\system32\xpssvcs.dll
2012-10-13 07:10:20 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\NeoSmart_Technologies
2012-10-13 07:00:48 -------- d-----w- d:\program files\NeoSmart Technologies
2012-10-13 06:04:39 -------- d-sh--w- d:\documents and settings\eigenaar\IETldCache
2012-10-13 05:27:18 521728 -c----w- d:\windows\system32\dllcache\jsdbgui.dll
2012-10-13 05:24:53 6144 -c----w- d:\windows\system32\dllcache\iecompat.dll
2012-10-13 05:24:07 -------- d-----w- d:\windows\ie8updates
2012-10-13 05:23:24 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2012-10-13 05:23:21 630272 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2012-10-13 05:23:21 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2012-10-13 05:23:20 2000384 -c----w- d:\windows\system32\dllcache\iertutil.dll
2012-10-13 05:23:19 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2012-10-13 05:23:17 11111424 -c----w- d:\windows\system32\dllcache\ieframe.dll
2012-10-13 05:23:16 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2012-10-13 05:20:49 -------- dc-h--w- d:\windows\ie8
2012-10-12 17:22:38 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\CRE
2012-10-12 17:14:09 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Wisdom-soft
2012-10-12 17:13:51 -------- d-----w- d:\program files\Wisdom-soft ScreenHunter 6.0 Free
2012-10-12 16:58:23 78336 -c----w- d:\windows\system32\dllcache\browser.dll
2012-10-12 16:58:23 337920 -c----w- d:\windows\system32\dllcache\netapi32.dll
2012-10-12 16:57:49 139784 -c----w- d:\windows\system32\dllcache\rdpwd.sys
2012-10-12 16:57:15 604672 -c----w- d:\windows\system32\dllcache\crypt32.dll
2012-10-12 16:55:14 1212416 -c----w- d:\windows\system32\dllcache\urlmon.dll
2012-10-12 16:55:14 105984 -c----w- d:\windows\system32\dllcache\url.dll
2012-10-12 16:55:13 916992 -c----w- d:\windows\system32\dllcache\wininet.dll
2012-10-12 16:55:13 67072 -c----w- d:\windows\system32\dllcache\mshtmled.dll
2012-10-12 16:55:13 611840 -c----w- d:\windows\system32\dllcache\mstime.dll
2012-10-12 16:55:13 184320 -c----w- d:\windows\system32\dllcache\iepeers.dll
2012-10-12 16:55:13 1025024 -c----w- d:\windows\system32\dllcache\browseui.dll
2012-10-12 16:55:12 6008832 -c----w- d:\windows\system32\dllcache\mshtml.dll
2012-10-12 16:55:12 1510400 -c----w- d:\windows\system32\dllcache\shdocvw.dll
2012-10-12 16:54:06 347136 -c----w- d:\windows\system32\dllcache\localspl.dll
2012-10-12 16:52:53 1172480 -c----w- d:\windows\system32\dllcache\msxml3.dll
2012-10-12 16:49:53 1866240 -c----w- d:\windows\system32\dllcache\win32k.sys
2012-10-12 16:49:15 177664 -c----w- d:\windows\system32\dllcache\wintrust.dll
2012-10-12 16:49:15 148480 -c----w- d:\windows\system32\dllcache\imagehlp.dll
2012-10-12 16:48:46 3072 -c----w- d:\windows\system32\dllcache\iacenc.dll
2012-10-12 16:48:46 3072 ------w- d:\windows\system32\iacenc.dll
2012-10-12 16:47:47 23040 -c----w- d:\windows\system32\dllcache\mciseq.dll
2012-10-12 16:47:47 179200 -c----w- d:\windows\system32\dllcache\winmm.dll
2012-10-12 16:46:48 354816 -c----w- d:\windows\system32\dllcache\winhttp.dll
2012-10-12 16:46:16 386560 -c----w- d:\windows\system32\dllcache\qdvd.dll
2012-10-12 16:45:34 60928 -c----w- d:\windows\system32\dllcache\packager.exe
2012-10-12 16:39:16 456320 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2012-10-12 16:38:43 10496 -c----w- d:\windows\system32\dllcache\ndistapi.sys
2012-10-12 16:37:59 33280 -c----w- d:\windows\system32\dllcache\csrsrv.dll
2012-10-12 16:37:59 293888 -c----w- d:\windows\system32\dllcache\winsrv.dll
2012-10-12 16:37:10 758784 -c--a-w- d:\windows\system32\dllcache\vgx.dll
2012-10-12 16:36:44 551936 -c----w- d:\windows\system32\dllcache\oleaut32.dll
2012-10-12 16:36:17 105472 -c----w- d:\windows\system32\dllcache\mup.sys
2012-10-12 16:35:49 471552 -c----w- d:\windows\system32\dllcache\aclayers.dll
2012-10-12 16:35:18 45568 -c----w- d:\windows\system32\dllcache\dnsrslvr.dll
2012-10-12 16:35:18 361600 -c----w- d:\windows\system32\dllcache\tcpip.sys
2012-10-12 16:35:18 247296 -c----w- d:\windows\system32\dllcache\mswsock.dll
2012-10-12 16:35:18 149504 -c----w- d:\windows\system32\dllcache\dnsapi.dll
2012-10-12 16:35:18 138496 -c----w- d:\windows\system32\dllcache\afd.sys
2012-10-12 16:34:51 726528 -c--a-w- d:\windows\system32\dllcache\jscript.dll
2012-10-12 16:34:50 420864 -c--a-w- d:\windows\system32\dllcache\vbscript.dll
2012-10-12 16:34:20 290432 -c----w- d:\windows\system32\dllcache\atmfd.dll
2012-10-12 16:33:23 357888 -c----w- d:\windows\system32\dllcache\srv.sys
2012-10-12 16:32:30 677888 -c----w- d:\windows\system32\dllcache\lhmstsc.exe
2012-10-12 16:32:29 2067456 -c----w- d:\windows\system32\dllcache\lhmstscx.dll
2012-10-12 16:32:02 270848 -c----w- d:\windows\system32\dllcache\sbe.dll
2012-10-12 16:32:02 186880 -c----w- d:\windows\system32\dllcache\encdec.dll
2012-10-12 16:31:32 135680 -c----w- d:\windows\system32\dllcache\shsvcs.dll
2012-10-12 16:29:55 8509952 -c----w- d:\windows\system32\dllcache\shell32.dll
2012-10-12 16:29:55 441344 -c----w- d:\windows\system32\dllcache\shimgvw.dll
2012-10-12 16:29:02 536576 -c----w- d:\windows\system32\dllcache\msado15.dll
2012-10-12 16:29:02 249856 -c----w- d:\windows\system32\dllcache\odbc32.dll
2012-10-12 16:29:02 200704 -c----w- d:\windows\system32\dllcache\msadox.dll
2012-10-12 16:29:02 180224 -c----w- d:\windows\system32\dllcache\msadomd.dll
2012-10-12 16:29:02 143360 -c----w- d:\windows\system32\dllcache\msadco.dll
2012-10-12 16:29:02 102400 -c----w- d:\windows\system32\dllcache\msjro.dll
2012-10-12 16:28:38 40960 -c----w- d:\windows\system32\dllcache\ndproxy.sys
2012-10-12 16:28:16 86016 -c----w- d:\windows\system32\dllcache\isign32.dll
2012-10-12 16:27:52 45568 -c----w- d:\windows\system32\dllcache\wab.exe
2012-10-12 16:27:29 590848 -c----w- d:\windows\system32\dllcache\rpcrt4.dll
2012-10-12 16:26:40 978944 -c----w- d:\windows\system32\dllcache\mfc42.dll
2012-10-12 16:26:40 953856 -c----w- d:\windows\system32\dllcache\mfc40u.dll
2012-10-12 16:25:42 617472 -c----w- d:\windows\system32\dllcache\comctl32.dll
2012-10-12 16:25:04 1288192 -c----w- d:\windows\system32\dllcache\ole32.dll
2012-10-12 16:23:53 58880 -c----w- d:\windows\system32\dllcache\spoolsv.exe
2012-10-12 16:23:25 406016 -c----w- d:\windows\system32\dllcache\usp10.dll
2012-10-12 16:22:59 3558912 -c----w- d:\windows\system32\dllcache\moviemk.exe
2012-10-12 16:21:47 744448 -c----w- d:\windows\system32\dllcache\helpsvc.exe
2012-10-12 16:21:22 65536 -c----w- d:\windows\system32\dllcache\asycfilt.dll
2012-10-12 16:20:36 692736 -c----w- d:\windows\system32\dllcache\inetcomm.dll
2012-10-12 16:20:18 293376 ------w- d:\windows\system32\browserchoice.exe
2012-10-12 16:19:52 226880 -c----w- d:\windows\system32\dllcache\tcpip6.sys
2012-10-12 16:19:52 100864 -c----w- d:\windows\system32\dllcache\6to4svc.dll
2012-10-12 16:19:35 87040 -c----w- d:\windows\system32\dllcache\cabview.dll
2012-10-12 16:18:59 345600 -c----w- d:\windows\system32\dllcache\mspaint.exe
2012-10-12 16:18:36 8704 -c----w- d:\windows\system32\dllcache\tsbyuv.dll
2012-10-12 16:18:36 85504 -c----w- d:\windows\system32\dllcache\avifil32.dll
2012-10-12 16:18:36 48128 -c----w- d:\windows\system32\dllcache\iyuv_32.dll
2012-10-12 16:18:36 11264 -c----w- d:\windows\system32\dllcache\msrle32.dll
2012-10-12 16:18:14 17920 -c----w- d:\windows\system32\dllcache\msyuv.dll
2012-10-12 16:18:13 1296384 -c----w- d:\windows\system32\dllcache\quartz.dll
2012-10-12 16:17:56 474624 -c----w- d:\windows\system32\dllcache\shlwapi.dll
2012-10-12 16:17:37 81920 -c----w- d:\windows\system32\dllcache\fontsub.dll
2012-10-12 16:17:37 119808 -c----w- d:\windows\system32\dllcache\t2embed.dll
2012-10-12 16:16:44 270848 -c----w- d:\windows\system32\dllcache\oakley.dll
2012-10-12 16:16:27 79872 -c----w- d:\windows\system32\dllcache\raschap.dll
2012-10-12 16:16:27 150016 -c----w- d:\windows\system32\dllcache\rastls.dll
2012-10-12 16:15:48 92928 -c----w- d:\windows\system32\dllcache\ksecdd.sys
2012-10-12 16:15:48 56832 -c----w- d:\windows\system32\dllcache\secur32.dll
2012-10-12 16:15:48 54272 -c----w- d:\windows\system32\dllcache\wdigest.dll
2012-10-12 16:15:48 301568 -c----w- d:\windows\system32\dllcache\kerberos.dll
2012-10-12 16:15:48 152576 -c----w- d:\windows\system32\dllcache\schannel.dll
2012-10-12 16:15:48 136192 -c----w- d:\windows\system32\dllcache\msv1_0.dll
2012-10-12 16:15:30 1440768 -c----w- d:\windows\system32\dllcache\query.dll
2012-10-12 16:14:59 58880 -c----w- d:\windows\system32\dllcache\msasn1.dll
2012-10-12 16:14:16 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2012-10-12 16:14:02 132096 -c----w- d:\windows\system32\dllcache\wkssvc.dll
2012-10-12 16:13:47 205312 -c----w- d:\windows\system32\dllcache\mswebdvd.dll
2012-10-12 16:13:31 79872 -c----w- d:\windows\system32\dllcache\telnet.exe
2012-10-12 16:13:13 58880 -c----w- d:\windows\system32\dllcache\atl.dll
2012-10-12 16:10:40 331776 -c----w- d:\windows\system32\dllcache\msadce.dll
2012-10-12 16:10:09 272640 -c----w- d:\windows\system32\dllcache\bthport.sys
2012-10-12 16:09:50 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2012-10-12 16:09:39 -------- d-----w- d:\windows\system32\PreInstall
2012-10-12 16:09:31 -------- d--h--w- d:\windows\$hf_mig$
2012-10-12 15:56:50 24088 ----a-w- d:\windows\system32\wucltui.dll.mui
2012-10-12 15:56:50 -------- d-----w- d:\windows\system32\SoftwareDistribution
2012-10-12 15:56:49 18456 ----a-w- d:\windows\system32\wuaueng.dll.mui
2012-10-12 15:56:48 15896 ----a-w- d:\windows\system32\wuaucpl.cpl.mui
2012-10-12 15:56:47 15896 ----a-w- d:\windows\system32\wuapi.dll.mui
2012-10-12 15:55:45 22400 ----a-w- d:\windows\system32\RegistryDefragBootTime.exe
2012-10-12 15:48:04 -------- d-----w- d:\documents and settings\all users\application data\IObit
2012-10-12 15:47:48 -------- d-----w- d:\documents and settings\eigenaar\application data\IObit
2012-10-10 19:21:14 729752 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2012-10-10 19:20:21 41224 ----a-w- d:\windows\avastSS.scr
2012-10-10 19:19:55 -------- d-----w- d:\program files\AVAST Software
2012-10-10 19:19:55 -------- d-----w- d:\documents and settings\all users\application data\AVAST Software
2012-10-10 19:05:59 7168 ------w- d:\windows\system32\bitsprx4.dll
2012-10-10 19:03:55 8192 -c----w- d:\windows\system32\dllcache\asferror.dll
2012-10-10 19:02:21 -------- d-----w- d:\windows\network diagnostic
2012-10-10 19:02:20 144384 ------w- d:\windows\system32\drivers\hdaudbus.sys
2012-10-10 19:02:19 10240 ------w- d:\windows\system32\drivers\sffp_mmc.sys
2012-10-10 18:40:05 -------- d-----w- d:\windows\system32\wbem\AutoRecover
2012-10-10 18:31:03 -------- d-----w- d:\windows\ServicePackFiles
2012-10-10 18:27:51 26144 ----a-w- d:\windows\system32\spupdsvc.exe
2012-10-10 18:25:51 -------- d-----w- d:\windows\EHome
2012-10-10 17:47:12 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Identities
2012-10-10 17:34:24 -------- d-----w- d:\documents and settings\eigenaar\local settings\application data\Google
2012-10-07 15:51:53 159744 ----a-r- d:\windows\system32\drivers\Fasttx2k.sys
2012-10-07 15:51:53 118784 ----a-r- d:\windows\system32\ptipbmf.dll
2012-10-07 14:17:07 -------- d-sh--w- d:\documents and settings\eigenaar\UserData
2012-10-07 13:57:16 -------- d--h--w- d:\documents and settings\all users\application data\CanonIJSolutionMenu
2012-10-07 13:57:13 -------- d--h--w- d:\documents and settings\all users\application data\CanonIJMyPrinter
2012-10-07 13:56:58 -------- d-----w- d:\documents and settings\all users\application data\CanonIJPLM
2012-10-07 13:55:39 303104 ----a-w- d:\windows\system32\CNC550L.dll
2012-10-07 13:55:39 110592 ----a-w- d:\windows\system32\CNC550I.dll
2012-10-07 13:55:38 15872 ----a-w- d:\windows\system32\CNHMCA.dll
2012-10-07 13:55:38 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2012-10-07 13:55:38 1310720 ----a-w- d:\windows\system32\CNC550C.dll
2012-10-07 13:55:38 106496 ----a-w- d:\windows\system32\CNC550U.dll
2012-10-07 13:55:01 -------- d-----w- d:\program files\common files\CANON
2012-10-07 13:52:36 70656 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\CNMPP9Z.DLL
2012-10-07 13:52:36 27648 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\CNMPD9Z.DLL
2012-10-07 13:52:35 272384 ----a-w- d:\windows\system32\CNMLM9Z.DLL
2012-10-07 13:52:28 90112 ----a-w- d:\windows\system32\CNC550O.dll
2012-10-07 13:52:25 178176 ----a-w- d:\windows\system32\CNMIU9Z.DLL
2012-10-07 13:51:38 -------- d-----w- d:\program files\Canon
2012-10-07 13:18:42 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
2012-10-07 13:18:32 32128 ----a-w- d:\windows\system32\drivers\usbccgp.sys
.
==================== Find3M ====================
.
2012-08-28 15:17:28 916992 ----a-w- d:\windows\system32\wininet.dll
2012-08-28 15:17:20 43520 ------w- d:\windows\system32\licmgr10.dll
2012-08-28 15:17:19 1469440 ------w- d:\windows\system32\inetcpl.cpl
2012-08-28 12:07:32 385024 ------w- d:\windows\system32\html.iec
2012-08-24 13:53:52 177664 ----a-w- d:\windows\system32\wintrust.dll
2012-08-23 06:27:36 2197248 ----a-w- d:\windows\system32\ntoskrnl.exe
2012-08-23 06:27:36 2073984 ----a-w- d:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 16:26:06,75 ===============

RAM: 512MB, Processor: AMD Athlon 64 processor 3200; Radeon 9600 series

Regards

EvelineGirl
29 October 2012, 20:50
First of all: 512MB is really too little these days, even for running XP. You could upgrade it to 1GB; believe me, I speak from experience. I also ran XP on 512MB at first. I also had it dual-booting with Windows 7 for a while. It just didn't run well. I now have 2GB in it and everything runs at a rapid pace. I did completely format the partition XP was on at the time (I never used it anymore since Windows 7).

Using "zoek.exe":


Disable your antivirus and antispyware programs; zoek.exe is sometimes detected as a trojan while downloading or during use.
You can read how to do that here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) or here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607).
Then download zoek.exe (http://home.kpn.nl/stefsmeenk/zoek.exe) to the desktop.
Start the tool by double-clicking "zoek.exe".
After a while a window will open.
With your mouse, now select the option "Combined fix" (bottom right).
Now copy the code below and paste it into the large input box:
Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.



emptytemp;
emptyclsid;
emptyjava;
emptyflash;
emptyIEcache;


Close all other open program windows first!
Then click the "Run script" button.
Now wait patiently until a log opens (this may be after a restart).
If no log appears after the restart, start zoek.exe again; the log will then appear.
Now post the contents of the opened log in your next message.

lex11
30 October 2012, 17:41
I ran this twice; the log is empty each time.
Got a Windows error twice.

EvelineGirl
30 October 2012, 17:50
What kind of Windows error??
Delete zoek.exe, download it again and then try once more.
Do read the instructions carefully.

lex11
30 October 2012, 18:32
Third time lucky?



Zoek.exe Version 3.0.0.4 Updated 30-10-2012
Tool run by Eigenaar on di 30/10/2012 at 16:17:12,84.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected


==== Deleting CLSID Registry Keys ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully


==== Deleting CLSID Registry Values ======================


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully


==== Deleting Services ======================




==== Deleting Files \ Folders ======================


"D:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences" deleted


==== Empty IE Cache ======================


D:\Documents and Settings\ALEX\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
D:\Documents and Settings\ALEX\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
D:\Documents and Settings\Eigenaar\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
D:\Documents and Settings\KIDS.HILDE\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
D:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


No Java Cache Found


After Reboot


==== Empty Temp Folders ======================


D:\WINDOWS\Temp successfully emptied
D:\DOCUME~1\Eigenaar\LOCALS~1\Temp successfully emptied


==== Deleting Files / Folders ======================




After Reboot


==== Deleting Files / Folders ======================




After Reboot


==== Deleting Files / Folders ======================


"D:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted
"D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted

EvelineGirl
30 October 2012, 18:33
Well done.. Has it improved at all now?

lex11
1 November 2012, 11:12
Thanks,

It has improved! Hopefully I can keep using this PC for a while this way.
I could indeed replace the hard drive at some point, but the rest of the PC is probably too outdated, and when this one gives out I'd be better off buying a new one with everything up to date.
Regards and many thanks again!!!
;)

EvelineGirl
1 November 2012, 15:23
You're welcome.

1.
You may now remove the tools that were used.

Next, Next, Volgende.
Also have a read through this: http://www.minatica.be/content/2723-Next-Next-Volgende

2.
System Restore.
If the computer has been infected with malware, it is advisable to delete all existing System Restore points, because these may include infected restore points.
You can read how to delete the restore points here. (http://www.malwareinfo.nl/malware/systeemherstel.html)
3.
Installing essential updates.
You can read here (http://www.malwareinfo.nl/handigetips/updates.html) how to keep your operating system and other software up to date.
The program Secunia PSI automatically warns you when updates are available for the installed software; you can read more information here (http://www.malwareinfo.nl/handleidingen/secunia.html)
4.
Beware of 'phishing' messages.
Phishing is a form of internet scam (fraud): fake e-mail messages and websites that look trustworthy are used to try to obtain 'login details' and other personal information.
This is often done in very devious ways, such as e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the malicious party, with all the consequences that entails.
You can read more information here (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=207&t=4142)
5.
Changing passwords
Most malware makes an outgoing connection to a Command & Control server, through which confidential data such as login details are captured; if your computer has been infected, it is therefore advisable to change all the passwords you have used.
You can read more information about this here (http://malwareinfo.nl/tips-artikelen/wachtwoorden-wijzigen/)
6.
Risks when downloading
Peer-to-peer (P2P) networks and also Usenet (newsgroups) are a major source on the internet when it comes to spreading malware; offering 'dangerous' software (malware) happens almost anonymously, which makes this a frequently used method for spreading malware.
You can read more information about this here (http://www.malwareinfo.nl/artikelen/p2pnetwerken.html)
7.
Prevention information & the use of security software.
To minimize the chance of re-infection, you can install an additional malware scanner alongside the security software you use, such as Emsisoft Anti-Malware (http://antimalwaresoftware.nl/software-2/emsisoft-anti-malware/) or Malwarebytes' Antimalware (http://antimalwaresoftware.nl/software-2/malwarebytes-anti-malware-2/), to optimize protection.
Here (http://www.malwareinfo.nl/malware/malwarepreventie.html) is more information on how you can prevent an infection in the future; read through it at your leisure.
That was all. :)

lex11
10 November 2012, 18:11
Oh dear, that Windows error is back.
The PC sometimes crashes with a blue screen with all sorts of things written on it; it disappears too quickly, I can't read it.
It then gives the following error: the PC has recovered from a serious error:

BCCode: 10000008e BCP1: C0000005 BCP2: 8053cF57 BCP3:B158199C
BCP4:00000000 OSVer: 5_1_2600 SP: 1_0 Product: 768_1

EvelineGirl
10 November 2012, 20:30
Looks to me like an outdated driver or something like that. Download and install BlueScreenView (http://www.nirsoft.net/utils/bluescreenview_setup.exe)
After installation, BlueScreenView will start.
Select 1 file from the list under Dump File and press Ctrl+A
Then click File and then Save Selected Items (Ctrl+S)
Save the file to your desktop. Then open that file and post its contents in your next post.

lex11
17 November 2012, 13:58
Hello,

I ran CCleaner, and the error has not come back ... hopefully solved
Thanks again!

EvelineGirl
20 November 2012, 13:47
You're welcome.