Everything posted by JJdM

  1. http://speccy.piriform.com/results/slXy6eZM55ZfLpTBwEYPzcS
  2. # AdwCleaner v5.004 - Logfile created 28/08/2015 at 09:25:52
     # Updated 26/08/2015 by Xplode
     # Database : 2015-08-25.1 [server]
     # Operating system : Microsoft Windows XP Service Pack 3 (x86)
     # Username : admin - ADMIN-696419DC2
     # Running from : C:\Documents and Settings\admin\My Documents\Downloads\AdwCleaner (1).exe
     # Option : Cleaning
     # Support : http://toolslib.net/forum
     ***** [ Services ] *****
     ***** [ Folders ] *****
     ***** [ Files ] *****
     ***** [ Shortcuts ] *****
     ***** [ Scheduled tasks ] *****
     ***** [ Registry ] *****
     [-] Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
     [-] Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
     ***** [ Web browsers ] *****
     *************************
     :: Winsock settings cleared
     *************************
     C:\AdwCleaner[C4].txt - [1759 bytes] - [16/08/2015 10:00:50]
     C:\AdwCleaner[R1].txt - [3896 bytes] - [19/02/2013 14:41:41]
     C:\AdwCleaner[s1].txt - [4004 bytes] - [19/02/2013 14:42:37]
     C:\AdwCleaner[s4].txt - [1551 bytes] - [16/08/2015 09:58:08]
     ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1183 bytes] ##########
     AdwCleanerC5 28-08-2015.txt
  3. zoek-results 27-08-2015b.txt
     C:\Documents and Settings\admin\Favorites\Download IObit Freeware.url;f
     C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.iobit;f
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
     "C:\\Program Files\\IObit\\IObit Malware Fighter\\IMF_ActionCenterDownloader.exe"=-;r
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
     "C:\\Program Files\\IObit\\Advanced SystemCare 7\\ASC.exe"=-;r
     [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
     "C:\\Program Files\\IObit\\IObit Malware Fighter\\IMF_ActionCenterDownloader.exe"=-;r
     [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
     "C:\\Program Files\\IObit\\Advanced SystemCare 7\\ASC.exe"=-;r
  4. At the end still the same message, is this OK?
  5. Below is the report, but at the end of the report I get a message: C:\DOCUME~1\admin\LOCALS~1\Temp\folderchk.vbs This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel. zoek-results 27-08-2015.txt
  6. Apart from the printer problem, I also have the following problem when I go to my mailbox: for the first few moments everything is normal, and then suddenly I lose whole parts of the page, which turn white; only a few mail titles are still visible, and although the control buttons are invisible they still work if I can guess the right spot. Attached is the requested file. zoek-results 24-08.txt
  7. Yes, I had done it but not posted it. zoek-results 23-08.txt
  8. I made another attempt to install my printer, but without success. I got an error message; the following would be sent to HP for a solution: Operating System: Windows XP (5.1.2600.3) Language: English Date and Version: 02/14/2008, 100.000.235.001 Error Situation Code: 15290680 Log files: 15290680.zip
  9. I got the drivers from the same page, but despite the removal there is still a trace of HP imaging... but I only find this in the Start menu, nowhere else. I suspect this could be the cause of TRAYAPP and PSSWCORE blocking the installation of the printer? As for installing the printer before I contacted you, it went like this: I could install it with those drivers, but what did not get installed was the "HP Solution Center" on my desktop, and this is needed for scanning; it is a kind of control panel. I could then only use the printer and not the scanner. A few years ago I had also completely removed the same printer and then reinstalled it via the HP site without problems. It has to be done via this site since I no longer have an installation CD.
  10. The mail was probably not delivered. When starting the PC I got TRAYAPP every time; I removed this check mark in the startup menu. Once I have to plug in the USB cable I then have a problem with "PSSWCORE", but it finds no further data to continue and blocks the installation of the printer.
  11. The printer does not work, so I have sent you a mail with a screenshot.
  12. No, I downloaded AVG and ran it; as far as that goes everything is OK. Should I now try to install my printer? On my previous attempt I still got "TRAYAPP" at startup and "PSSWCORE" during the installation of the printer.
  13. I cannot install the printer. When starting my PC I get a small "TRAYAPP" window that does not find the appropriate data and that I can only remove with Ctrl, Windows, Alt, Delete; while downloading the drivers for the printer I then get PSSWCORE and it is the same, so the two are probably linked. I have not downloaded AVG yet. I also still get data loss (suddenly part of the text disappears) on the Hotmail page, among others.
  14. I think they are working again; tomorrow I will try to reinstall my HP5280C, or should I wait? I also still have to reinstall AVG.
  15. # AdwCleaner v5.000 - Logfile created 16/08/2015 at 10:00:50
      # Updated 14/08/2015 by Xplode
      # Database : 2015-08-15.1 [server]
      # Operating system : Microsoft Windows XP Service Pack 3 (x86)
      # Username : admin - ADMIN-696419DC2
      # Running from : C:\Documents and Settings\admin\My Documents\Downloads\adwcleaner_5.000.exe
      # Option : Cleaning
      ***** [ Services ] *****
      ***** [ Folders ] *****
      ***** [ Files ] *****
      ***** [ Shortcuts ] *****
      ***** [ Scheduled tasks ] *****
      ***** [ Registry ] *****
      [-] Key Deleted : HKLM\SOFTWARE\Classes\uus3url-pl
      [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
      [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
      [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
      [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
      [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
      [-] Key Deleted : HKCU\Software\ParetoLogic
      [-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
      [-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
      ***** [ Web browsers ] *****
      *************************
      :: Proxy settings cleared
      :: Winsock settings cleared
      *************************
      C:\AdwCleaner[C4].txt - [1438 octets] - [16/08/2015 10:00:50]
      C:\AdwCleaner[R1].txt - [3896 octets] - [19/02/2013 14:41:41]
      C:\AdwCleaner[s1].txt - [4004 octets] - [19/02/2013 14:42:37]
      C:\AdwCleaner[s4].txt - [1551 octets] - [16/08/2015 09:58:08]
      ########## EOF - C:\AdwCleaner[C4].txt - [1690 octets] ##########
  16. Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by admin on sam. 15/08/2015 at 13:32:50,07. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\admin\My Documents\Downloads\zoek (18).exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-08-15-104501.log 1288 bytes C:\zoek-results2015-08-15-110731.log 14411 bytes ==== Empty Folders Check ====================== C:\Documents and Settings\admin\Application Data\Dossier de t‚l‚chargement Share-to-Web ==== Checking Systemdrive for Symlinks ====================== Volume in drive C has no label. Volume Serial Number is 34AD-B793 Directory of C:\Documents and Settings\All Users\Application Data\Oracle\Java 31/07/2015 15:00 <JUNCTION> javapath 0 File(s) 0 bytes Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices 13/02/2014 19:34 <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a 0 File(s) 0 bytes Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote 13/02/2014 19:34 <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a 0 File(s) 0 bytes Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices 24/05/2015 15:59 <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a 0 File(s) 0 bytes Total Files Listed: 0 File(s) 0 bytes 4 Dir(s) 95.457.902.592 bytes free ==== Deleting CLSID Registry Keys ====================== HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully ==== Installed Programs ====================== 32 Bit HP CIO Components Installer Adobe Flash Player 18 ActiveX Adobe Reader XI 
(11.0.08) - Fran‡ais Belgium e-ID middleware 4.0.7 (build 7466) BufferChm CameraHelperMsi Cards_Calendar_OrderGift_DoMorePlugout CCleaner Coffret de pilotes Logitech Webcam Software Copy CustomerResearchQFolder Destination Component DeviceDiscovery DeviceManagementQFolder Disney Interactive European and Nordic Demo Compatiblity Update DocProc Electronic Arts Product Registration erLT eSupportQFolder Google Chrome Google Update Helper GPBaseService Harry Potter II Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB942288-v3) HP Photosmart Essential 2.5 HP Precisionscan Pro 3.1 HPDiagnosticAlert HPPhotoSmartDiscLabel_PaperLabel HPPhotoSmartDiscLabel_PrintOnDisc HPPhotoSmartDiscLabelContent1 hpphotosmartdisclabelplugin HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply Intel® 537EP Modem Intel® Graphics Media Accelerator Driver Internet Explorer Java 8 Update 40 Java 8 Update 51 Java Auto Updater Java Platform SE Download Packages Labography Logiciel QuickCam de Logitech LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin MarketResearch Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Age of Empires Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OpenOffice 4.1.1 PanoStandAlone PhotoFiltre Programme de gestion Camera de Logitech© PSSWCORE REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet 
Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB2870699) Security Update for Windows Internet Explorer 8 (KB2879017) Security Update for Windows Internet Explorer 8 (KB2888505) Security Update for Windows Internet Explorer 8 (KB2898785) Security Update for Windows Internet Explorer 8 (KB2909210) Security Update for Windows Internet Explorer 8 (KB2909921) Security Update for Windows Internet Explorer 8 (KB2925418) Security Update for Windows Internet Explorer 8 (KB2936068) Security Update for Windows Internet Explorer 8 (KB2964358) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB923789) SES Driver Skype Click to Call Skype Download Packages SkypeT 7.7 SolutionCenter Status TrayApp Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) VideoToolkit01 Visionneuse Microsoft PowerPoint Visual Studio 2012 x86 Redistributables VLC media player WebFldrs XP Windows Installer Clean Up Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 
11 runtime Windows Media Player 11 ==== Running Processes ====================== C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MESSEN~1\msmsgs.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\admin\My Documents\Downloads\zoek (18).exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WtuSystemSupport deleted successfully ==== Deleting Files \ Folders ====================== C:\Program Files\ComPlus Applications deleted C:\Program Files\InoReader Notifier News and RSS Reader deleted C:\Program Files\Common Files\ParetoLogic deleted C:\HPHmon03.exe deleted C:\Documents and 
Settings\admin\Application Data\appdataFr3.bin deleted C:\Documents and Settings\admin\Application Data\temp.ini deleted C:\Documents and Settings\admin\Application Data\pcouffin.log deleted C:\Documents and Settings\admin\Application Data\ProductData deleted C:\Documents and Settings\admin\Application Data\ParetoLogic deleted C:\Documents and Settings\admin\Application Data\DriverCure deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\ProductData deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVG January 2013 Campaign deleted C:\Documents and Settings\admin\Local Settings\Application Data\CrashRpt deleted C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant deleted C:\WINDOWS\wininit.ini deleted C:\WINDOWS\tasks\ParetoLogic Registration3.job deleted C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job deleted C:\WINDOWS\tasks\ParetoLogic Update Version3.job deleted C:\WINDOWS\system32\roboot.exe deleted C:\WINDOWS\system32\GroupPolicy\Adm deleted C:\WINDOWS\system32\GroupPolicy\Machine deleted C:\WINDOWS\system32\GroupPolicy\User deleted C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted C:\WINDOWS\System32\SET122.tmp deleted C:\WINDOWS\System32\SETBB.tmp deleted C:\WINDOWS\System32\SETBF.tmp deleted C:\WINDOWS\System32\SETC0.tmp deleted C:\WINDOWS\System32\SETC7.tmp deleted C:\WINDOWS\System32\searchplugins deleted C:\WINDOWS\System32\Extensions deleted ==== System Specs ====================== Windows: Windows XP Professional Service Pack 3 (Build 2600) Memory (RAM): 1016 MB CPU Info: Intel® Core2 Duo CPU E6550 @ 2.33GHz CPU Speed: 2324,0 MHz Sound Card: Realtek HD Audio output | Modem #0 Line Playback | Display Adapters: Intel® 82945G Express Chipset Family | NetMeeting driver | RDPDD Chained DD Monitors: 1x; Plug and Play Monitor | Screen Resolution: 1280 X 720 - 32 bit Network: Network Present Network Adapters: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport CD / 
DVD Drives: 1x (H: | ) H: Optiarc DVD RW AD-5170A Ports: COM1 LPT1 Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 149,0GB | K: 465,7GB Hard Disks - Free: C: 88,8GB | K: 292,9GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 06/28/07 | A_M_I - 6000728 Time Zone: Romance Standard Time Motherboard *: ConRoe1333-D667 Country: Belgium Language: FRB ==== System Specs (Software) ====================== Default Browser: Windows® Internet Explorer 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Internet Explorer version: 8.0.6001.18702 Google Chrome version: 44.0.2403.155 Adobe Reader version: 11.0.8.4 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2015-08-15 10:31:43 F8606F42E517E3EEA53D75AC88F78029 21228814 ----a-w- C:\WINDOWS\repository.backup ====== C:\DOCUME~1\admin\LOCALS~1\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== 2015-08-12 13:06:08 A586F958031376903AC5BBF973832DA4 8710344 ----a-w- C:\WINDOWS\System32\FlashPlayerInstaller.exe ====== C:\WINDOWS\system32\drivers ===== 2015-08-13 15:51:18 D6D8C68D4A7DE9577807277C1764A2BE 356368 ----a-w- C:\WINDOWS\System32\drivers\bdfsfltr.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-08-15 09:07:50 -------- d-----w- C:\Program Files\trend micro 2015-08-11 16:31:49 -------- d-----w- C:\Program Files\Common Files\AV 2015-08-01 07:44:03 -------- d-----w- C:\Program Files\Belgium Identity Card 2015-07-31 13:00:12 -------- d-----w- C:\Program Files\Common Files\Java ======= C: ===== ====== C:\Documents and Settings\admin\Application Data ====== 2015-08-12 14:54:05 -------- d-----w- C:\Documents and Settings\admin\Local Settings\Application Data\Western Digital 2015-08-11 16:30:53 -------- d-----w- C:\Documents and Settings\LocalService\Start Menu\Programs ====== C:\Documents and Settings\admin ====== 2015-08-15 09:06:55 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and 
Settings\admin\desktop\RSIT.exe 2015-08-14 10:36:22 -------- d--h--r- C:\Documents and Settings\admin\Recent 2015-08-11 16:30:53 -------- d-----w- C:\Documents and Settings\LocalService\Start Menu ====== C: exe-files == 2015-08-15 09:07:50 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\admin.exe 2015-08-15 09:06:55 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and Settings\admin\desktop\RSIT.exe 2015-08-14 14:45:19 CF00425E513C37112353CA530AADE740 5817064 ----a-w- C:\RECYCLER\S-1-5-21-343818398-1563985344-725345543-1003\Dc2.exe 2015-08-14 09:05:40 C7969516D87176867BD5AE772967006F 3894696 ----a-w- C:\RECYCLER\S-1-5-21-343818398-1563985344-725345543-1003\Dc3.exe 2015-08-14 08:58:37 C7969516D87176867BD5AE772967006F 3894696 ----a-w- C:\RECYCLER\S-1-5-21-343818398-1563985344-725345543-1003\Dc4.exe 2015-08-13 15:49:00 32B80417D0FFBD0392AD07F161F580C7 83143032 ----a-w- C:\Documents and Settings\All Users\Application Data\IObit\ASCDownloader\ASC8\Advanced SystemCare Ultimate.exe 2015-08-12 13:06:08 A586F958031376903AC5BBF973832DA4 8710344 ----a-w- C:\WINDOWS\system32\FlashPlayerInstaller.exe 2015-08-11 19:42:29 0A74BFAD2F4F5EFA439FEA821BDB41CC 206018008 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\100_235_PS_AIO_02_Full_NonNet_fra_NB (1).exe 2015-08-11 19:03:46 0A74BFAD2F4F5EFA439FEA821BDB41CC 206018008 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\100_235_PS_AIO_02_Full_NonNet_fra_NB.exe 2015-08-11 17:32:05 C7B8503492B6F4B318DA68F0CC45628E 2821200 ----a-w- C:\Program Files\Google\Update\Install\{9049BE90-D868-45B9-9D8A-BEB7B852A4AB}\44.0.2403.155_44.0.2403.130_chrome_updater.exe 2015-08-11 17:32:05 C7B8503492B6F4B318DA68F0CC45628E 2821200 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.155\44.0.2403.155_44.0.2403.130_chrome_updater.exe 2015-08-10 07:51:47 D150F34597E3B72F6F3125953CABD649 11792408 ----a-w- C:\Documents and Settings\All 
Users\Application Data\IObit\ASCDownloader\ASC8\Driver Booster 2.exe === C: other files == 2015-08-15 10:31:40 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Documents and Settings\admin\Local Settings\Temp\scripttest.vbs 2015-08-13 15:51:18 D6D8C68D4A7DE9577807277C1764A2BE 356368 ----a-w- C:\WINDOWS\system32\drivers\bdfsfltr.sys 2015-08-13 15:02:52 9B16AD15C50FE86248981C0BC44ADF2C 11767 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\Delivery Status Notification (Failure).zip 2015-08-12 15:49:49 193DF5FB77A12148A865A0E741788B49 1132396 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\Outlook.com (1).zip 2015-08-12 15:48:57 B00E1BCC091C40A551DA7612AB33DA6B 1132396 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\Outlook.com.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" "Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-343818398-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe /background" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" "Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" 
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide" "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "beidsccertprop"="C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe /background" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechSoftwareUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/08/2015 15:06] C:\WINDOWS\tasks\AXEFTRRE.job --a------ C:\WINDOWS\system32\rundll32C:\WINDOWS\system32\DirectXS.dll [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26/05/2015 11:14] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26/05/2015 11:14] C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job --a------ 
C:\WINDOWS\system32\xp_eos.exe [26/02/2014 03:59] C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job --a------ C:\WINDOWS\system32\xp_eos.exe [26/02/2014 03:59] C:\WINDOWS\tasks\User_Feed_Synchronization-{D9A43893-FAB6-468E-8F60-847CC8571533}.job --ah----- [undetermined Task] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [11/08/2015 18:06] ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.155 Google Slides - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Chrome Hotword Shared Module - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Chrome Web Store Payments - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Docs - Administrator\Local Settings\Application 
Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Gmail - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences 
==== Chromium Fix ====================== C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/?gfe_rd=cr&ei=grGCVYe5JIKEVObRgOgM&gws_rd=ssl" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.bing.com/search?q={searchTerms}" "CustomizeSearch"="http://www.bing.com/search?q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com" "SearchAssistant"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="https://www.google.be/?gfe_rd=cr&ei=grGCVYe5JIKEVObRgOgM&gws_rd=ssl" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{77D8A7B2-0CF5-4D32-9873-D0D36A4ABFC3}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}&rlz=1I7PRFB_enBE468" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {77D8A7B2-0CF5-4D32-9873-D0D36A4ABFC3} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enBE468" {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-343818398-1563985344-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Documents and Settings\admin\desktop\I E 8.lnk - C:\Documents and Settings\admin\desktop\PhotoFiltre.lnk - C:\Program Files\PhotoFiltre\PhotoFiltre.exe C:\Documents and Settings\admin\desktop\Shortcut to Annonces textes fr-nl.lnk - C:\Documents and Settings\admin\My Documents\Annonces textes fr-nl.ods ==== shortcuts on All Users Desktop 
====================== C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Documents and Settings\All Users\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Documents and Settings\All Users\Desktop\eID Viewer.lnk - C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\All Users\Desktop\HP Precisionscan Pro 3.1 .lnk - C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\HP Precisionscan Pro.exe C:\Documents and Settings\All Users\Desktop\OpenOffice 4.1.1.lnk - C:\Program Files\OpenOffice 4\program\soffice.exe ==== shortcuts in Users Start Menu ====================== C:\Documents and Settings\admin\Start Menu\Programs\Windows Install Clean Up.lnk - C:\Documents and Settings\admin\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe ==== shortcuts in All Users Start Menu ====================== C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Scanner and Camera Wizard.lnk - C:\WINDOWS\system32\wiaacmgr.exe -SelectDevice C:\Documents and Settings\All Users\Start Menu\Programs\Belgium - eID\eID Viewer.lnk - C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Documents and Settings\All Users\Start Menu\Programs\Belgium - eID\Utilities\MS Office 2010 XAdES XL signature configuration.lnk - C:\Program Files\Belgium Identity Card\beidoffice2010_XAdES_XL.exe C:\Documents and Settings\All Users\Start Menu\Programs\Belgium - eID\Utilities\MS Outlook registry configuration.lnk - C:\Program Files\Belgium Identity Card\beidoutlooksnc.exe C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google 
Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart Essential 2.5\HP Photosmart Essential 2.5.lnk - C:\Program Files\HP\Digital Imaging\Bin\hpqpse.exe C:\Documents and Settings\All Users\Start Menu\Programs\HP\Photosmart C5200 series\Help.lnk - C:\Program Files\HP\Digital Imaging\Help\aio35.chm C:\Documents and Settings\All Users\Start Menu\Programs\HP\Photosmart C5200 series\Readme.lnk - C:\Program Files\HP\Digital Imaging\Help\PS_AIO_02_readme\readme.html C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab about C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab update C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe C:\Documents and Settings\All Users\Start Menu\Programs\Java\Get Help.lnk - C:\Documents and Settings\All Users\Start Menu\Programs\Java\Visit Java.com.lnk - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\Bin\hpqtra08.exe ==== shortcuts in Quick Launch ====================== C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [beidsccertprop] C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR O4 - HKCU\..\Run: [spybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk 
= C:\Program Files\HP\Digital Imaging\Bin\hpqtra08.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1359655492015 O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.200.0.cab O18 - Protocol: skype-ie-addon-data - (no CLSID) - (no file) O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe ==== Empty IE Cache ====================== C:\Documents and Settings\admin\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== ==== Empty Temp Folders ====================== C:\Documents and 
Settings\admin\Local Settings\Temp will be emptied at reboot C:\Documents and Settings\Administrator\Local Settings\Temp emptied successfully C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\admin\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on sam. 15/08/2015 at 13:49:15,10 ======================
  17. I can't manage it, I don't understand it well. I can't download zoek.exe to my desktop, and I also don't know what the script is or means. Maybe this is helpful? Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by admin on sam. 15/08/2015 at 13:01:47,46. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\admin\My Documents\Downloads\zoek (17).exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-08-15-104501.log 1288 bytes ==== Empty Folders Check ====================== C:\Program Files\AVAST Software deleted successfully C:\Program Files\MSXML 4.0 deleted successfully C:\Program Files\SegmentBuilder deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\412301046 deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully C:\Documents and Settings\admin\Application Data\Dossier de téléchargement Share-to-Web deleted successfully C:\Documents and Settings\admin\Application Data\ShieldApps deleted successfully C:\Documents and Settings\admin\Application Data\Solvusoft deleted successfully C:\Documents and Settings\admin\Application Data\Vso deleted successfully C:\Documents and Settings\admin\Local Settings\Application Data\Logitech-LS deleted successfully ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2015-08-15 10:31:43 F8606F42E517E3EEA53D75AC88F78029 21228814 ----a-w- C:\WINDOWS\repository.backup 2015-08-11 17:41:02 339E871A04ED90C40507C9389B3138D2 229 ----a-w- C:\WINDOWS\wininit.ini ====== C:\DOCUME~1\admin\LOCALS~1\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== 2015-08-14 08:58:59 4682E9D5F19ED7F117949F2C1BFE5FF8 17840 ----a-w- C:\WINDOWS\System32\roboot.exe 2015-08-12 13:06:08 A586F958031376903AC5BBF973832DA4 8710344 ----a-w- C:\WINDOWS\System32\FlashPlayerInstaller.exe ====== C:\WINDOWS\system32\drivers
===== 2015-08-13 15:51:18 D6D8C68D4A7DE9577807277C1764A2BE 356368 ----a-w- C:\WINDOWS\System32\drivers\bdfsfltr.sys ====== C:\WINDOWS\Tasks ====== 2015-08-14 14:46:30 FD5FCCEF4AC758A1230CE8B9178AFF96 444 ----a-w- C:\WINDOWS\Tasks\ParetoLogic Registration3.job 2015-08-14 14:46:07 86B030A3BD0756CA985F691CA0700154 470 ----a-w- C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job 2015-08-14 14:46:07 145DCFEED47B427783B8F6430D712021 418 ----a-w- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-08-15 09:07:50 -------- d-----w- C:\Program Files\trend micro 2015-08-14 14:46:05 -------- d-----w- C:\Program Files\Common Files\ParetoLogic 2015-08-11 16:31:49 -------- d-----w- C:\Program Files\Common Files\AV 2015-08-01 07:44:03 -------- d-----w- C:\Program Files\Belgium Identity Card 2015-07-31 13:00:12 -------- d-----w- C:\Program Files\Common Files\Java ======= C: ===== ====== C:\Documents and Settings\admin\Application Data ====== 2015-08-14 14:46:14 -------- d-----w- C:\Documents and Settings\admin\Application Data\DriverCure 2015-08-14 14:46:13 -------- d-----w- C:\Documents and Settings\admin\Application Data\ParetoLogic 2015-08-12 14:54:05 -------- d-----w- C:\Documents and Settings\admin\Local Settings\Application Data\Western Digital 2015-08-11 16:30:53 -------- d-----w- C:\Documents and Settings\LocalService\Start Menu\Programs ====== C:\Documents and Settings\admin ====== 2015-08-15 09:06:55 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and Settings\admin\desktop\RSIT.exe 2015-08-14 10:36:22 -------- d--h--r- C:\Documents and Settings\admin\Recent 2015-08-11 16:30:53 -------- d-----w- C:\Documents and Settings\LocalService\Start Menu ====== C: exe-files == 2015-08-15 09:07:50 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\admin.exe 2015-08-15 09:06:55 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and 
Settings\admin\desktop\RSIT.exe 2015-08-14 14:45:19 CF00425E513C37112353CA530AADE740 5817064 ----a-w- C:\RECYCLER\S-1-5-21-343818398-1563985344-725345543-1003\Dc2.exe 2015-08-14 09:05:40 C7969516D87176867BD5AE772967006F 3894696 ----a-w- C:\RECYCLER\S-1-5-21-343818398-1563985344-725345543-1003\Dc3.exe 2015-08-14 08:58:59 4682E9D5F19ED7F117949F2C1BFE5FF8 17840 ----a-w- C:\WINDOWS\system32\roboot.exe 2015-08-14 08:58:37 C7969516D87176867BD5AE772967006F 3894696 ----a-w- C:\RECYCLER\S-1-5-21-343818398-1563985344-725345543-1003\Dc4.exe 2015-08-13 15:49:00 32B80417D0FFBD0392AD07F161F580C7 83143032 ----a-w- C:\Documents and Settings\All Users\Application Data\IObit\ASCDownloader\ASC8\Advanced SystemCare Ultimate.exe 2015-08-12 13:06:08 A586F958031376903AC5BBF973832DA4 8710344 ----a-w- C:\WINDOWS\system32\FlashPlayerInstaller.exe 2015-08-11 19:42:29 0A74BFAD2F4F5EFA439FEA821BDB41CC 206018008 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\100_235_PS_AIO_02_Full_NonNet_fra_NB (1).exe 2015-08-11 19:03:46 0A74BFAD2F4F5EFA439FEA821BDB41CC 206018008 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\100_235_PS_AIO_02_Full_NonNet_fra_NB.exe 2015-08-11 17:32:05 C7B8503492B6F4B318DA68F0CC45628E 2821200 ----a-w- C:\Program Files\Google\Update\Install\{9049BE90-D868-45B9-9D8A-BEB7B852A4AB}\44.0.2403.155_44.0.2403.130_chrome_updater.exe 2015-08-11 17:32:05 C7B8503492B6F4B318DA68F0CC45628E 2821200 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.155\44.0.2403.155_44.0.2403.130_chrome_updater.exe 2015-08-10 07:51:47 D150F34597E3B72F6F3125953CABD649 11792408 ----a-w- C:\Documents and Settings\All Users\Application Data\IObit\ASCDownloader\ASC8\Driver Booster 2.exe === C: other files == 2015-08-15 10:31:40 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Documents and Settings\admin\Local Settings\Temp\scripttest.vbs 2015-08-13 15:51:18 D6D8C68D4A7DE9577807277C1764A2BE 356368 ----a-w- 
C:\WINDOWS\system32\drivers\bdfsfltr.sys 2015-08-13 15:02:52 9B16AD15C50FE86248981C0BC44ADF2C 11767 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\Delivery Status Notification (Failure).zip 2015-08-12 15:49:49 193DF5FB77A12148A865A0E741788B49 1132396 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\Outlook.com (1).zip 2015-08-12 15:48:57 B00E1BCC091C40A551DA7612AB33DA6B 1132396 ----a-w- C:\Documents and Settings\admin\My Documents\Downloads\Outlook.com.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" "Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-343818398-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe /background" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" "Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide" "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "beidsccertprop"="C:\Program Files\Belgium Identity 
Card\BeID Certprop\beidsccertprop.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe /background" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechSoftwareUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/08/2015 15:06] C:\WINDOWS\tasks\AXEFTRRE.job --a------ C:\WINDOWS\system32\rundll32C:\WINDOWS\system32\DirectXS.dll [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26/05/2015 11:14] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26/05/2015 11:14] C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job --a------ C:\WINDOWS\system32\xp_eos.exe [26/02/2014 03:59] C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job --a------ C:\WINDOWS\system32\xp_eos.exe [26/02/2014 03:59] C:\WINDOWS\tasks\ParetoLogic Registration3.job --a------ C:\WINDOWS\system32\rundll32AC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll 
[] C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job --a------ C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [08/12/2014 20:55] C:\WINDOWS\tasks\ParetoLogic Update Version3.job --a------ [undetermined Task] C:\WINDOWS\tasks\User_Feed_Synchronization-{D9A43893-FAB6-468E-8F60-847CC8571533}.job --ah----- [undetermined Task] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [11/08/2015 18:06] ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.155 Google Slides - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Chrome Hotword Shared Module - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Chrome Web Store Payments - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia 
Docs - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Gmail - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
"session":{"restore_on_startup":5,"startup_urls":["https://www.google.be/]},"sync":{"remaining_rollback_tries":0}} ==== C:\zoek_backup content ====================== ==== EOF on sam. 15/08/2015 at 13:07:31,00 ======================
  18. I have now done what you asked; here is the requested "log". Logfile of random's system information tool 1.10 (written by random/random) Run by admin at 2015-08-15 11:19:31 Microsoft Windows XP Professional Service Pack 3 System drive C: has 91 GB (60%) free of 153 GB Total RAM: 1015 MB (30% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:19:32, on 15/08/2015 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MESSEN~1\msmsgs.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\admin\Desktop\RSIT.exe C:\Program Files\trend micro\admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gfe_rd=cr&ei=grGCVYe5JIKEVObRgOgM&gws_rd=ssl R1 -
  19. I already looked into that, but I don't have a restore point.
  20. Dear ladies and gentlemen, For example, I can no longer get to Hotmail from my desktop; I get a blank page with "DONE" at the bottom left. On eBay I only get a spinning circle (loading?) instead of an image of the item, on Google there are certain sites that do not respond to my clicks, and when I am in my mail a large part of the page suddenly stops being visible; I then have to close my mail and reopen it, and then it is fine for a while and after that it is invisible again. I have had this for about a week. The misery actually started with my printer HP5280C: I removed it for I no longer know what obscure reason and have never been able to reinstall it correctly. After countless attempts I had the same thing every time: the Solution Center was missing from my desktop each time, and I need it to be able to scan documents; printing documents from my PC did work. I had done the same thing about two years ago: downloaded the link for the Photosmart C5280 and reinstalled without problems. (I have no installation CD.) I now do not know whether the problems I have with my PC are linked or not. Today I also noticed that when I start my PC I get a small window from "Windows Installer" with the text "Preparing to install..." and a "Cancel" button. My PC runs XP SP 3. I am attaching a HijackThis file; maybe it is useful. hijackthis.log 6,86KB 1 Number of downloads Hopefully you can help me, because I am in serious trouble. With thanks and kind regards,