Ga naar inhoud

ongewenste reclame e.a.


Aanbevolen berichten

Hallo, bij het internetten krijg ik vreselijk veel reclame en andere geopende vensters. Hier is het hijackthis logje:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:06:43, on 3/11/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Betcat\WBDesktop.Updater.1.0.0.16.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Application Data\Betcat\WebCakeDesktop.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Desktop\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Kaatje

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: LyricsContainer - {2581ed35-4120-4611-aff0-7bb38a0331be} - C:\Program Files\LyricsContainer\133.dll

O2 - BHO: WebCake Layers - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\Betcat\WebCakeIEClient.dll

O2 - BHO: LyricsContainer - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files\LyricsContainer\122.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll

O2 - BHO: LyricsContainer - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files\LyricsContainer\125.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WebCake Desktop] C:\Documents and Settings\Administrator\Application Data\Betcat\WebCakeDesktop.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1310648238796

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310648299000

O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\271769~1.27\{c16c1~1\bitguard.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: BitGuard - Unknown owner - C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: WebCake Desktop Updater - cake bake - C:\Program Files\Betcat\WBDesktop.Updater.1.0.0.16.exe

--

End of file - 7313 bytes

Link naar reactie
Delen op andere sites

Hallo mafe,

HijackThis wordt helaas niet meer gebruikt op PCH. Kan je even een RSIT logje maken aub?

Download 51a5f5d096dae-icon_RSIT.pngRSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

Dubbelklik op RSIT.exe om de tool te starten.


  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  • Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  • Plaats de inhoud hiervan in het volgende bericht.

Link naar reactie
Delen op andere sites

Zo, hier is het logje:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Administrator at 2013-11-03 17:54:56

Microsoft Windows XP Professional Service Pack 3

System drive C: has 31 GB (62%) free of 50 GB

Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:54:57, on 3/11/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Betcat\WBDesktop.Updater.1.0.0.16.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Application Data\Betcat\WebCakeDesktop.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3GNBKJRH\RSIT[1].exe

C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Kaatje

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: LyricsContainer - {2581ed35-4120-4611-aff0-7bb38a0331be} - C:\Program Files\LyricsContainer\133.dll

O2 - BHO: WebCake Layers - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\Betcat\WebCakeIEClient.dll

O2 - BHO: LyricsContainer - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files\LyricsContainer\122.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll

O2 - BHO: LyricsContainer - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files\LyricsContainer\125.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WebCake Desktop] C:\Documents and Settings\Administrator\Application Data\Betcat\WebCakeDesktop.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1310648238796

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310648299000

O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\271769~1.27\{c16c1~1\bitguard.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: BitGuard - Unknown owner - C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: WebCake Desktop Updater - cake bake - C:\Program Files\Betcat\WBDesktop.Updater.1.0.0.16.exe

--

End of file - 7122 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\BitGuard.job

C:\WINDOWS\tasks\EPUpdater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\LyricsContainer Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2581ed35-4120-4611-aff0-7bb38a0331be}]

LyricsContainer - C:\Program Files\LyricsContainer\133.dll [2013-09-11 145920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]

WebCake - C:\Program Files\Betcat\WebCakeIEClient.dll [2013-08-19 200984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{463B0ED4-8AFA-404B-90E7-4063A0708050}]

LyricsContainer - C:\Program Files\LyricsContainer\122.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-03 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]

delta Helper Object - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll [2013-05-20 295832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA3D98A6-868D-4E1B-BB78-0887230DA405}]

LyricsContainer - C:\Program Files\LyricsContainer\125.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-03 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{82E1477C-B154-48D3-9891-33D83C26BCD3} - Delta Toolbar - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll [2013-05-20 284056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-11-02 18782720]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2011-01-12 161088]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-10-08 16744256]

"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []

"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-10-08 1632360]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"WebCake Desktop"=C:\Documents and Settings\Administrator\Application Data\Betcat\WebCakeDesktop.exe [2013-08-18 52504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\docume~1\alluse~1\applic~1\bitguard\271769~1.27\{c16c1~1\bitguard.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-11-03 17:54:56 ----D---- C:\rsit

2013-11-03 17:54:56 ----D---- C:\Program Files\trend micro

2013-11-03 16:01:04 ----D---- C:\Program Files\Common Files\Java

2013-11-03 16:01:01 ----A---- C:\WINDOWS\system32\javaws.exe

2013-11-03 16:00:55 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll

2013-11-03 16:00:55 ----A---- C:\WINDOWS\system32\javaw.exe

2013-11-03 16:00:55 ----A---- C:\WINDOWS\system32\java.exe

2013-11-03 16:00:42 ----D---- C:\Program Files\Java

2013-10-10 02:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2847311$

2013-10-10 02:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2862335$

2013-10-10 02:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2883150$

2013-10-10 02:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$

======List of files/folders modified in the last 1 month======

2013-11-03 17:54:56 ----RD---- C:\Program Files

2013-11-03 17:53:15 ----SHD---- C:\WINDOWS\Installer

2013-11-03 17:53:08 ----D---- C:\WINDOWS\Prefetch

2013-11-03 16:41:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2013-11-03 16:05:52 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2013-11-03 16:01:04 ----D---- C:\Program Files\Common Files

2013-11-03 16:01:01 ----D---- C:\WINDOWS\Temp

2013-11-03 16:01:01 ----D---- C:\WINDOWS\system32

2013-11-03 15:55:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2013-11-03 15:54:46 ----D---- C:\Documents and Settings\Administrator\Application Data\Betcat

2013-11-03 15:51:25 ----SD---- C:\WINDOWS\Tasks

2013-11-03 15:51:10 ----D---- C:\Documents and Settings\All Users\Application Data\BitGuard

2013-11-02 16:34:33 ----RSD---- C:\WINDOWS\assembly

2013-11-02 16:34:33 ----D---- C:\WINDOWS\Microsoft.NET

2013-10-21 17:38:32 ----D---- C:\WINDOWS

2013-10-21 17:36:52 ----SHD---- C:\WINDOWS\CSC

2013-10-10 02:10:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2013-10-10 02:09:31 ----D---- C:\WINDOWS\WinSxS

2013-10-10 02:08:14 ----RSHDC---- C:\WINDOWS\system32\dllcache

2013-10-10 02:08:14 ----HD---- C:\WINDOWS\inf

2013-10-10 02:07:54 ----A---- C:\WINDOWS\imsins.BAK

2013-10-10 02:07:53 ----D---- C:\WINDOWS\system32\drivers

2013-10-10 02:04:47 ----A---- C:\WINDOWS\system32\MRT.exe

2013-10-10 02:04:22 ----D---- C:\Program Files\Microsoft Silverlight

2013-10-10 02:03:18 ----D---- C:\Program Files\Internet Explorer

2013-10-09 17:35:39 ----D---- C:\WINDOWS\system32\CatRoot2

2013-10-09 13:12:11 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2009-03-24 328728]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-11-26 187392]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-28 4609024]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-10-08 12791488]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]

S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-03 1389056]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BitGuard;BitGuard; C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-10-22 2864096]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-11-03 182696]

R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2011-01-12 120128]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]

R2 WebCake Desktop Updater;WebCake Desktop Updater; C:\Program Files\Betcat\WBDesktop.Updater.1.0.0.16.exe [2013-08-18 51992]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-12 116648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-12 116648]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Link naar reactie
Delen op andere sites

Hoi,

Download 51a612a8b27e2-Zoek.pngZoek.zip naar het bureaublad.

  • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.

Antivirussoftware uitschakelen

Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk conflicteren met Zoek.exe.

Zoek.exe uitvoeren

Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.

  • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  • Download Zoekscript.txt uit de bijlage naar de map waarin Zoek.exe is uitgepakt.
  • Dubbelklik op "Zoek.exe" om de tool te starten, wanneer u een melding krijgt van het gebruikersaccountbeheer staat u dit toe.
  • Vervolgens verschijnt er een scherm met de vraag "Are you sure you want to run these commands?" klik hier op "Yes" om door te gaan.
    525feecee4a5c-zoekscript.png
  • Wanneer zoek.exe opgestart is zonder de bovenstaande melding te tonen dan kan je op "Load Script" drukken om zoekscript.txt alsnog te laden.
  • Zoek.exe zal nu de commando's in zoekscript.txt uitvoeren, wacht geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

Zoek.exe logbestand plaatsen

  • Voeg het logbestand met de naam "Zoek-results.log" als bijlage toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden op de systeemschijf als C:\Zoek-results.log.)
  • Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.
  • Op het bureaublad zal nu een bestand genaamd sample_20120615_0718.zip staan (de cijfers achter Sample_ duiden de datum en tijd aan).
  • Upload dit bestand naar Gratis bestanden delen en uploaden via Mijn Bestand! en plaats het linkje in het volgende bericht.

zoekscript.txt

aangepast door Mako
Informatielinks gecorrigeerd
Link naar reactie
Delen op andere sites

Hallo,

Start 51a612a8b27e2-Zoek.pngZoek.exe nogmaals met het onderstaande script.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe

(hier of hier) kan je lezen hoe je dat doet.


  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
     
    autoclean;
    C:\WINDOWS\tasks\EPUpdater.job;f
    C:\DOCUME1\ADMINI1\APPLIC1\BABSOL1;fs
    C:\WINDOWS\tasks\LyricsContainer Update.job;f
    C:\Program Files\LyricsContainer;fs
    abfmigjiaapipflmopkaaooigcjjdojh;chr
    eooncjejnppfjjklapaamhcdmjbilmde;chr
    fjoijdanhaiflhibkljeklcghcmmfffh;chr
    C:\Program Files\Betcat;fs
    {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9};c
    startupall;
    filesrcm; 
    


  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht als bijlage.

Link naar reactie
Delen op andere sites

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.