
Franki

Member
  • Items

    11
Franki's activity

  1. Hi Mako, I ran a Malwarebytes scan and no more malicious items were found. Many thanks for your efforts. :-) Otherwise I have no complaints about our PC. Should I leave all the cleanup programs in place (on the desktop)? How do I prevent Vundo infections etc. on my PC in future? Thanks again for your patient help. Kind regards, Franki.
  2. Here is the AdwCleaner log.
  3. Here is the log file from EEK; AdwCleaner will follow. Regards, Franki

     Emsisoft Emergency Kit - Versie 4.0
     Laatste Update: 8-9-2013 10:53:10 PM
     Gebruikersaccount: BALANS-0A67BC70\frank loves gerrie

     Scaninstellingen:
     Scanmodus: Diepe scan
     Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
     Detecteer PUPs: Aan
     Scan archieven: Aan
     ADS Scan: Aan
     Bestandsextensiefilter: Uit
     Geavanceerde cache: Aan
     Directe schijftoegang: Uit

     Scan gestart: 8-9-2013 10:53:54 PM
     D:\Mijn documenten\Mijn muziek\gerries muziek\its gone be rain today dusty.mp3 Ontdekt: Trojan.Wimad.Gen.1 (

     Gescand: 417559
     Gevonden: 1
     Scan geëindigd: 9-9-2013 12:00:16 AM
     Scantijd: 1:06:22

     D:\Mijn documenten\Mijn muziek\gerries muziek\its gone be rain today dusty.mp3 In quarantaine geplaatst Trojan.Wimad.Gen.1 (
     In quarantaine geplaatst 1
  4. Dear Mako, I was away for a while, which is why it took some time. After several attempts I finally have ComboFix on my desktop. I double-clicked it and unfortunately the blue screen behaved the same way again: the clock stops and nothing more happens. After that I tried safe mode, but there I cannot turn the AVG scanner off. In safe mode the AVG icon is no longer at the bottom right, and I cannot disable it any other way... Hopefully you still see some options? Kind regards, Franki
  5. Hi Mako, I started the PC in safe mode, then double-clicked bleeping computer on the desktop, then clicked Run, then came the prompt to disable AVG, but how can I do that in safe mode??? I could not find it anywhere. Regards, Franki
  6. Hi Mako, it failed again. I will describe all the steps:
     1 - dragged bleepcom from your message to my desktop and disabled AVG
     2 - double-clicked the bleepcom/malware/combofix link on the desktop, and clicked Run when asked whether I want to run this software
     3 - ComboFix appears, a black screen with running green letters
     4 - a message appears that an error has occurred and that it is going to shut down
     5 - then comes the blue screen (autoscan) of ComboFix with the texts: 1 - ComboFix is being started; 2 - an attempt is being made to create a new system restore point; 3 - scanning for infected files, this can take 10 minutes, double the time on a heavily infected PC.
     My PC clock then read 9:20; at 9:22 the clock stopped running. I then waited 40 minutes, I could no longer click anything, and I switched the PC off with the small button on the front of my PC case. The PC then restarted by itself. Hopefully this is of some use to you. Regards, Franki
  7. ComboFix is now on my C drive. When I put a shortcut on my desktop and double-click it, it goes to the C drive; it then does not start.
  8. Hello Mako, the first part worked, but ComboFix does not. Downloading works and so does starting the scan; I then get a blue screen with the text that this can take 10 minutes, or twice as long on a heavily infected PC, but after an hour nothing has happened yet. It does close the browser (Chrome), and then the clock at the bottom right also stops. It also takes some searching to work out how to start ComboFix; it does not simply go via the desktop. Attachment: sample_23-08-2013_1036.zip. I also do not see right now how I can attach the log below as a file, or is it fine like this? Regards, Franki
  9. Dear Mako, I managed it thanks to your clear instructions. With zoek.exe it took a bit of searching to get hold of the right window. Was the culprit the Freemake program that I installed not so long ago? And is it better if I never install Freemake again? Kind regards and until later, Franki
C:\WINDOWS\Temp\avg_a02576\CommonFiles\AVG Secure Search\DriverInstaller.exe 2013-08-14 20:15:47 2C1B0965CB65797001053D8956F9CD54 2226864 ----a-w- C:\WINDOWS\Temp\avg_a02576\avg-secure-search-installer.exe 2013-08-14 20:15:47 178C1607D35988153A0E7CBB90C669FC 642224 ----a-w- C:\WINDOWS\Temp\avg_a02576\ProgFiles\AVG Secure Search\PostInstall.exe 2013-08-14 20:15:47 01A17E294876ECB573AD32530961F29B 573616 ----a-w- C:\WINDOWS\Temp\avg_a02576\ConfigFiles\MachineIdCreator.exe 2013-08-14 20:15:43 A8893D3F119C8143B2FC53F5CF21EE01 4547608 ----a-w- C:\WINDOWS\Temp\{105185F1-59CF-4BD5-AF71-F0470EC96DA7}.exe 2013-08-13 19:42:52 2BF1A08F7CB7752AF697EE228514497F 234872 -c----w- C:\WINDOWS\ie8updates\KB2862772-IE8\spuninst\spuninst.exe 2013-08-13 19:42:46 D9981DC283F5AFC2D3E9C323257A7828 174592 -c----w- C:\WINDOWS\ie8updates\KB2862772-IE8\ie4uinit.exe === C: other files == 2013-08-19 19:31:56 B5909D985716A9CD8B75C12D6581426D 330960 ----a-w- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys 2013-08-19 19:31:56 81BE76652B1D5B9493B9DD339F2D0FC0 589872 ----a-w- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys 2013-08-14 20:16:08 8A196063A0F0305A8A05CCEC1AF746C3 257167 ----a-w- C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx 2013-08-14 20:15:47 E647C4315F36756DF5FA38BDEB51F224 45856 ----a-w- C:\WINDOWS\Temp\avg_a02576\CommonFiles\AVG Secure Search\avgtpx64.sys 2013-08-14 20:15:47 311C5A8D894563CD2712CD297A34FAFB 37664 ----a-w- C:\WINDOWS\Temp\avg_a02576\CommonFiles\AVG Secure Search\avgtpx86.sys 2013-08-14 20:15:46 8A196063A0F0305A8A05CCEC1AF746C3 257167 ----a-w- C:\WINDOWS\Temp\avg_a02576\ProgData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx 2013-08-14 20:15:45 567B5EC265B26994AFB11DB13F53B07A 147960 ----a-w- C:\WINDOWS\Temp\avg_a02576\ProgFiles\AVG Secure 
Search\data.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1085031214-220523388-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "Google Update"="C:\Documents and Settings\frank loves gerrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" "Alcmtr"="ALCMTR.EXE" "vProt"="C:\Program Files\AVG Secure Search\vprot.exe" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" "AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "Google Update"="C:\Documents and Settings\frank loves gerrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Reader_sl" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\b8f64bb2] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="acisdyoq" "hkey"="HKLM" "command"="rundll32.exe \"C:\\WINDOWS\\system32\\acisdyoq.dll\",b" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BMbbc5782e] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jiqujhci" "hkey"="HKLM" 
"command"="Rundll32.exe \"C:\\WINDOWS\\system32\\jiqujhci.dll\",s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GBMPro8Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GBMAgent" "hkey"="HKCU" "command"="C:\\Program Files\\Genie-Soft\\GBMPro8\\GBMAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IMJPMIG" "hkey"="HKLM" "command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NMIndexStoreSvr" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="pctsTray" "hkey"="HKLM" "command"="\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NBKeyScan" "hkey"="HKLM" "command"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NokiaSuite" "hkey"="HKCU" "command"="C:\\Program Files\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TINTSETP" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TINTSETP" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyTel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SkyTel" "hkey"="HKLM" "command"="SkyTel.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleToolbarNotifier" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\ScanPanel.lnk" "backup"="C:\\WINDOWS\\pss\\ScanPanel.lnkCommon Startup" "command"="C:\\SCANPA~1\\ScnPanel.exe " "item"="ScanPanel" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-06-2013 10:21] C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job --a------ C:\WINDOWS\TEMP\576BE1D9-1410-4FE3-9BBC-9AC020E19621.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe 
[29-01-2010 06:09] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29-01-2010 06:09] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-220523388-682003330-1003Core.job --a------ C:\Documents and Settings\frank loves gerrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [06-06-2011 17:38] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-220523388-682003330-1003UA.job --a------ C:\Documents and Settings\frank loves gerrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [06-06-2011 17:38] C:\WINDOWS\tasks\User_Feed_Synchronization-{9B8C6BAA-4CC4-4955-A1CA-79F22F0D58A5}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 04:31] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaajjdggclgejkckppicefnelmoefjp - C:\Documents and Settings\frank loves gerrie\Local Settings\Application Data\fuzezipmusictoolbardla\GC\toolbar.crx[12-06-2013 18:45] bpegkgagfojjbcpkihigfmkojdmmimdf - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[05-02-2013 14:05] ehgldbbpchgpcfagfpfjgoomddhccfgh - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[07-05-2013 17:12] ndibdjnfmopecpmkdieinmbadjfpblof - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx[14-08-2013 22:15] Music Toolbar - frank loves gerrie - Default\Extensions\aaaajjdggclgejkckppicefnelmoefjp Freemake Video Downloader - frank loves gerrie - Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf Freemake Youtube Download Button - frank loves gerrie - Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh AVG Secure Search - frank loves gerrie - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof ==== Chrome Fix ====================== C:\Documents and Settings\frank loves gerrie\Local Settings\Application 
Data\fuzezipmusictoolbardla\GC\toolbar.crx deleted successfully C:\Documents and Settings\frank loves gerrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaajjdggclgejkckppicefnelmoefjp deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://nl.msn.com/?pc=UP97&ocid=UP97DHP&dt=072013" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://isearch.avg.com/tab?cid={64E85C8F-8C88-42D1-858A-639CB5EE7346}&mid=4c0364c0fba3a3dacfe88459d0948a98-7e6757f016611bbbbc4a95f5d6bfdcb65e54338c〈=nl&ds=AVG&pr=fr&d=2012-06-24 14:58:54&pid=avg&sg=0&v=15.5.0.2&sap=nt" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://nl.msn.com/?pc=UP97&ocid=UP97DHP&dt=072013" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes 
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {0C8AC544-907D-4352-96F7-A63DCB90D33A} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_nl" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={64E85C8F-8C88-42D1-858A-639CB5EE7346}&mid=4c0364c0fba3a3dacfe88459d0948a98-7e6757f016611bbbbc4a95f5d6bfdcb65e54338c〈=nl&ds=AVG&pr=fr&d=2012-06-24" {97C34958-1F56-4008-9D5C-BBF272DD8964} AVG Secure Search Url="http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=nl&nt=1" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1085031214-220523388-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_USERS\S-1-5-21-1085031214-220523388-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and 
Settings\frank loves gerrie\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\frank loves gerrie\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Documents and Settings\frank loves gerrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\FRANKL~1\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\frank loves gerrie\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Program Files\Music Toolbar" not found "C:\Program Files\Music Toolbar" not found ==== EOF on ma 19-08-2013 at 23:37:11,92 ======================
  10. Dear iEscape, thank you for your reply. Here is the information from the HijackThis Notepad file. I also saw a screen with Trend Micro HijackThis-v2.0.4 showing the results of the Hijack scan. Do you need that as well? Thanks in advance. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:23:04, on 18-8-2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
  11. Dear all, asking for help through a forum is new to me. Trojan Vundo viruses have nested themselves in my PC. I ran the Malwarebytes program and am sending the report (log) along. Can you do something with this and help me remove these viruses? The computer does run as such, but I would rather have a clean PC. Thanks in advance, Franki MBAM-log-2013-08-03 (21-47-15).txt