Ga naar inhoud

Alles vast op mijn Bureaublad


Aanbevolen berichten

Beste PCH,

Op mijn desktopcomputer met WinXp staan bij het openen van "Deze Computer" al mijn iconen op het bureaublad vast en het openen van "deze computer" lukt niet ook kan ik niets anders openen.

Nochtans is de computer steeds voor 50% aan het werk.

Als ik dan een heropstart uitvoert krijg ik steeds een melding van "ctfmon.exe" sluit niet af en "Explorer.exe" reageert niet.

Ook nog wanneer ik een Brouwser opent is dit zeer lang voor hij opstart.

Ik heb de indruk dat de computer steeds aan het werk is, maar wat ????

Opstarten in veilige modus werkt dan weer goed.

Wie kan mij helpen.

groeten djdanvan.

Link naar reactie
Delen op andere sites

Ik heb de indruk dat de computer steeds aan het werk is, maar wat ????

'k weet niet of het alleen vandaag was ofwel dat je het al daaaagen hebt ?

is het alleen vandaag: het is patchdinsdag van Microsoft en dan gaat hij achter je rug al dingen binnenhalen of dingen voorbereiden of weet-ik-veel: vanmorgen had mijn XP-tje het ook: 'k moest een half uur niks doen, maar hem gewoon laten doen tot hij er door is. ('k Ken het de laatste tijd al een beetje).

'k Had eerst ook al gereboot maar toen het na de reboot ook nog zo was, heb ik hem laten doen en 'het ging over'.

is het al een tijdje aan de gang dan rijst de vraag: heb je een goed en bijgehouden (allebei!) antivirus en anti mal/spyware? Want het zou wel eens kunnen dat je met een boel malware zit die achter je rug van alles aan het net aan het doorgeven is..

Link naar reactie
Delen op andere sites

@passer,

Nee het is niet van vandaag het is al enige tijd. Ik heb nu mijn huidige virusscanner verwijderd en ik was van plan er een nieuwe versie er op te plaatsen maar blijkbaar lukt het niet van een map op het bureaublad te openen. Zoals ik in mijn vorig berichtje al aangaf.

Ik laat hem eens verder werken tot hij moe wordt?

Nog een vraagje aan PCH?

Mag ik mijn virusscanner install. vanuit veilige modus?

Grts djdanvan

Link naar reactie
Delen op andere sites

Als je onderstaande instructies precies leest en opvolgt dan zou dat geen probleem moeten zijn ;)

Download zhpdiag.exe vanaf deze website: http://en.kioskea.net/download/download-23176-zhpdiag


iV2VCbEW-capture2-s-.png

  1. XP gebruikers: dubbelklik zhpdiag.exe om het te installeren.
    Voor Windows Vista en hoger: rechtsklik zhpdiag.exe en kies voor "Uitvoeren als administrator".
  2. Klik meerdere keren op "Suivant" om het installatieproces te doorlopen.
  3. Klik op "Installer" wanneer daar om gevraagd wordt en op "Terminer" wanneer de installatie voltooid is.
  4. Er zijn nu 2 pictogrammen op je bureaublad verschenen: ZHPDiag en ZHPFix.
  5. Dubbelklik nu op de snelkoppeling met de naam ZHPDiag
  6. Het startvenster verschijnt, klik nu op "Configurer".
  7. Klik rechts onderaan op het icoontje met het huisje "Sélectionner une langue" en kies "Anglais"(Engels).
  8. Klik daarna links onderaan op het middelste icoontje(een vergrootglas en een + symbool) "Diagnostic options".
  9. Er wordt nu een scan van je systeem gemaakt wacht geduldig tot deze voltooid is.
  10. Na afloop staat er een tekstbestand met de naam ZHPDiag.txt op je bureaublad, post deze

aangepast door juisterr
Link naar reactie
Delen op andere sites

Juisterr,

Dank voor het vlugge antwoord.

Als het niet lukt mag dit ook in veilige modus?

grts djdanvan

juisterr,

Hieronder het gevraagde logje, maar dan wel vanuit veilige modus.

grts djdanvan

~ Report of ZHPDiag v2013.11.13.29 - Nicolas Coolman (12/11/2013)

~ Launched by Ik (13/11/2013 18:57:38)

~ Web site address : http://nicolascoolman.webs.com

~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/

~ Translated by

~ Version State :

~ White List : Activate by program

~ Elevation of privilege : OK

~ User Account Control : Not Found

---\\ Internet browsers

MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

GCIE: Google Chrome v30.0.1599.101

---\\ Windows product information

~ Langage: Anglais

Windows XP Home Edition Service Pack 3 (Build 2600)

Windows Automatic Updates : OK

Windows Genuine Advantage : KO

---\\ System protection software

Malwarebytes Anti-Malware versie 1.75.0.1300

Spybot - Search & Destroy v1.6.2

---\\ System optimization software

CCleaner v4.07 =>Piriform Ltd

---\\ Sharing software PeerToPeer

FrostWire 4.18.1 v4.18.1.0

---\\ Surveillance software

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1 - Nederlands

---\\ Information on the system

~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)

Total RAM: 1023 MB (68% free)

System Restore: Activé (Enable)

System drive C: has 76 GB (65%) free of 116 GB

---\\ Connection to the system mode

~ Computer Name: OLIVIER

~ User Name: Ik

~ All Users Names: SUPPORT_388945a0, Ik, HelpAssistant, Gast, ASPNET, Administrator,

~ Unselected Option: None

Logged in as Administrator

---\\ Environment variables

~ System Unit : C:\

~ %AppZHP% : C:\Documents and Settings\Ik\Application Data\ZHP\

~ %AppData% : C:\Documents and Settings\Ik\Application Data\

~ %Desktop% : C:\Documents and Settings\Ik\Bureaublad\

~ %Favorites% : C:\Documents and Settings\Ik\Favorieten\

~ %LocalAppData% : C:\Documents and Settings\Ik\Local Settings\Application Data\

~ %StartMenu% : C:\Documents and Settings\Ik\Menu Start\

~ %Windir% : C:\WINDOWS\

~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units

C: Hard drive, Flash drive, Thumb drive (Free 76 Go of 116 Go)

D: Hard drive, Flash drive, Thumb drive (Free 35 Go of 116 Go)

E: Floppy drive, Flash card reader, USB Key (Not Inserted)

F: Floppy drive, Flash card reader, USB Key (Not Inserted)

G: Floppy drive, Flash card reader, USB Key (Not Inserted)

H: Floppy drive, Flash card reader, USB Key (Not Inserted)

I: CD-ROM drive (Not Inserted)

---\\ State of the Windows Security Center

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date

~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Search Generic System Files

[MD5.AA04F042A820BF1868E643575887E1A6] - (.Microsoft Corporation - Windows Verkenner.) (.14/04/2008 - 21:33:00.) -- C:\WINDOWS\Explorer.exe [1037312]

[MD5.C1466A8E803261BB11FC25EF096E4E3D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.16/05/2012 - 16:09:47.) -- C:\WINDOWS\system32\wininet.dll [916992]

[MD5.1247D4D5444E28519BBE31BE8AB4C029] - (.Microsoft Corporation - Toepassing Windows NT-aanmelding.) (.14/04/2008 - 21:33:20.) -- C:\WINDOWS\system32\Winlogon.exe [510464]

[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 23:10:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]

[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 23:44:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]

[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 23:10:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]

[MD5.8BFFFB5AC954E19DFDB96D56512AA518] - (.Microsoft Corporation - Cryptografisch FIPS-stuurprogramma.) (.14/04/2008 - 21:02:52.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]

[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 21:06:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]

[MD5.C43372D0682F8E32E4EC21117E089EC0] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14/04/2008 - 21:05:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]

[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 23:11:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]

[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 23:27:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]

[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 23:49:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]

[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]

[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 23:51:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 23:45:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]

[MD5.E3934CCC20A4D24F1924E13D36D2A5BD] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14/04/2008 - 21:13:20.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80256]

[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 23:49:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]

[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 23:02:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]

[MD5.4173BC66E485FD77A03C4819F60BD0DA] - (.Microsoft Corporation - Redbook Audio Filter-stuurprogramma.) (.14/04/2008 - 21:04:04.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58112]

[MD5.8AB662B3C4691E6DDF61C96BB5B7D103] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.14/04/2008 - 21:03:42.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53504]

~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)

~ Mes images (My Pictures) : 2/18298

~ Mes musiques (My Musics) : 1/375

~ Mes Videos (My Videos) : 1/47

~ Mes Favoris (My Favorites) : 1/131

~ Mes Documents (My Documents) : 3/21664

~ Mon Bureau (My Desktop) : 1/27

~ Menu demarrer (Programs) : 1/46

~ Hidden Files: Scanned in 00mn 16s

---\\ Process running

[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe [638816] [PID.1884]

[MD5.65C05CC168F30145E893641A4C4167C8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8214016] [PID.520]

~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)

C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [jmfkcklnlgedgbglfkkgedjfmejoahla] AVG Safe Search v.12.0.0.1901 (Désactivé)

G2 - GCE: Preference [user Data\Default] [ndgonipadfipmlmdfofnjnhhlgojnjdn] BittorrentBar_NL v.2.5.0.1 (Désactivé) =>P2P.BitTorrent

~ Google Browser: 12 Legitimates Filtered in 00mn 04s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

P2 - FPN: [HKLM] [@gamersfirst.com/LiveLauncher] - (...) -- C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll (.not file.)

P2 - FPN: [HKLM] [@ngm.nexoneu.com/NxGame] - (...) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonEU\NGM\npNxGameeu.dll (.not file.)

P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)

~ Firefox Browser: 14 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R3 - URLSearchHook: (no name) - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} . (...) (No version) -- (.not file.)

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)

~ IE Browser: 18 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs

F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 1

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: (no name) - [HKLM]{74198672-5F7D-4FE9-A611-4AC1D5A66A15} Orphan key

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{00000000-0000-0000-0000-000000000000} Orphan key

~ Toolbar: Scanned in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

O4 - HKUS\S-1-5-21-1343024091-1682526488-725345543-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1343024091-1682526488-725345543-1004\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} -- C:\Program Files\SimilarWeb\hotbtn.ico (.not file.)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Orphan key

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Reset Web Settings' hijack (O14)

O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"

~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ((no name)) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} ((no name)) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} ((no name)) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284845097765

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} ((no name)) - http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.134.0.cab

O16 - DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} ((no name)) - http://www.sony.be/bravia/RegistrationAgent.cab

O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} ((no name)) - http://www.extrafilm.be/ExtraFilmUploader6.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} ((no name)) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

~ Objets ActiveX: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC6E56C-E6FF-4700-B29C-5A26E5B9842C}: DhcpNameServer = 195.130.130.5 195.130.131.5

O17 - HKLM\System\CS1\Services\Tcpip\..\{2CC6E56C-E6FF-4700-B29C-5A26E5B9842C}: DhcpNameServer = 195.130.130.5 195.130.131.5

O17 - HKLM\System\CS3\Services\Tcpip\..\{2CC6E56C-E6FF-4700-B29C-5A26E5B9842C}: DhcpNameServer = 195.130.130.5 195.130.131.5

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 195.130.131.5

~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)

O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)

O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto-API32.) -- C:\WINDOWS\system32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Off line netwerk-agent.) -- C:\WINDOWS\system32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Algemeen DLL-bestand voor het ontvangen van.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Algemeen DLL-bestand voor het ontvangen van.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL-meldingsbestand voor de Secondary Logon.) -- C:\WINDOWS\system32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Algemeen DLL-bestand voor het ontvangen van.) -- C:\WINDOWS\system32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Algemeen DLL-bestand voor het ontvangen van.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Algemeen DLL-bestand voor het ontvangen van.) -- C:\WINDOWS\system32\wlnotify.dll

~ Winlogon: Scanned in 00mn 00s

---\\ SharedTaskScheduler (O22)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser-bibliotheek voor gebruikersin.) -- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Preloader van browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser-bibliotheek voor gebruikersin.) -- C:\WINDOWS\system32\browseui.dll

~ STS/SSO: Scanned in 00mn 00s

---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Desktop Component 0: Mijn huidige introductiepagina - file:About:Home

O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Ik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Ik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ BootExecute (BEX) (O34)

O34 - HKLM BootExecute: (lsdelete) - File not found

~ BEX: 3 Legitimates Filtered in 00mn 00s

---\\ Software installed (O42)

O42 - Logiciel: Kruidvat fotoservice - (...) [HKLM] -- Kruidvat fotoservice

~ Logic: 167 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\LOGEN]

[HKLM\Software\System32retsaMebuC]

[HKLM\Software\WRUpdater]

~ Key Software: 192 Legitimates Filtered in 00mn 01s

---\\ Contents of the Common Files folders (O43)

O43 - CFD: 19/09/2011 - 18:51:38 - [233,000] ----D C:\Program Files\Fotoservice

O43 - CFD: 14/02/2013 - 20:32:09 - [4,594] ----D C:\Program Files\GUMEB.tmp

O43 - CFD: 13/11/2013 - 10:11:32 - [0] ----D C:\Program Files\Pando Networks

O43 - CFD: 13/11/2013 - 15:22:04 - [51,101] ----D C:\Program Files\Pixbook

O43 - CFD: 2/12/2011 - 20:15:23 - [0,811] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate

O43 - CFD: 13/11/2013 - 10:08:43 - [0] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\Spotnet

O43 - CFD: 6/01/2013 - 12:59:44 - [0] -SH-D C:\Documents and Settings\All Users.WINDOWS\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

O43 - CFD: 6/01/2013 - 12:59:44 - [0] --H-D C:\Documents and Settings\All Users.WINDOWS\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

O43 - CFD: 17/02/2013 - 9:33:30 - [132,394] ----D C:\Documents and Settings\Ik\Application Data\splitscreen

O43 - CFD: 24/02/2012 - 21:23:14 - [7,797] ----D C:\Documents and Settings\Ik\Local Settings\Application Data\Roblox

O43 - CFD: 24/02/2012 - 21:19:31 - [18,709] ----D C:\Documents and Settings\Ik\Local Settings\Application Data\RobloxDownloads

O43 - CFD: 14/02/2013 - 17:55:57 - [0] ----D C:\Documents and Settings\Ik\Local Settings\Application Data\RobloxVersions

O43 - CFD: 13/11/2013 - 10:08:43 - [0] ----D C:\Documents and Settings\Ik\Local Settings\Application Data\Spotnet

O43 - CFD: 18/09/2010 - 19:42:59 - [0,014] R---D C:\Documents and Settings\Ik\Menu Start\Programma's\Bureau-accessoires

O43 - CFD: 1/02/2013 - 17:43:26 - [0,009] ----D C:\Documents and Settings\Ik\Menu Start\Programma's\Logen Solutions

O43 - CFD: 18/09/2010 - 16:46:29 - [0] R---D C:\Documents and Settings\Ik\Menu Start\Programma's\Opstarten

O43 - CFD: 20/11/2011 - 10:44:51 - [0] R---D C:\Documents and Settings\Ik\Menu Start\Programma's\Systeembeheer

~ Program Folder: 222 Legitimates Filtered in 00mn 46s

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.CB17A47D090938A02DACB066D6D5A124] - 10/11/2013 - 19:01:53 ---A- . (...) -- C:\WINDOWS\system32\rp_rules.dat [44]

O44 - LFC:[MD5.8A3D5B46FF8C9CED46304F1EBB5F9AFE] - 10/11/2013 - 19:01:53 ---A- . (...) -- C:\WINDOWS\system32\rp_stats.dat [64]

O44 - LFC:[MD5.2C6C03D1D116D452D85AE852346A735F] - 12/11/2013 - 18:59:35 ---A- . (...) -- C:\Boot.bak [210]

O44 - LFC:[MD5.5A95B19F6F57CB11D6D818E4A08AFF34] - 12/11/2013 - 18:59:35 ---A- . (...) -- C:\WINDOWS\win.ini [582]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/11/2013 - 19:01:00 ----- . (...) -- C:\WINDOWS\Sti_Trace.log [0]

O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 13/11/2013 - 10:44:42 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896]

O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 13/11/2013 - 10:44:42 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000]

O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 13/11/2013 - 10:44:42 ---A- . (...) -- C:\WINDOWS\grep.exe [80412]

O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 13/11/2013 - 10:44:42 ---A- . (...) -- C:\WINDOWS\sed.exe [98816]

O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 13/11/2013 - 10:44:42 ---A- . (...) -- C:\WINDOWS\zip.exe [68096]

O44 - LFC:[MD5.271E9B6A3AEC7BCA63D9231A4B3575C0] - 13/11/2013 - 10:46:51 RSHA- . (...) -- C:\cmldr [261936]

O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 13/11/2013 - 11:03:20 ---A- . (...) -- C:\WINDOWS\system.ini [227]

O44 - LFC:[MD5.37BF4F2BA1C983BC223B86CF26ECBBF9] - 13/11/2013 - 11:05:19 ---A- . (...) -- C:\ComboFix.txt [12592]

O44 - LFC:[MD5.5B8A3837ACC563EA4A22350F47DAE9E2] - 13/11/2013 - 17:37:57 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.62F66373E846557CCBF3E03EB810B8E1] - 13/11/2013 - 17:59:30 ---A- . (...) -- C:\WINDOWS\wiadebug.log [216]

O44 - LFC:[MD5.C5964D075A9CD5D63FE9A777014E05AA] - 13/11/2013 - 18:53:07 ---A- . (...) -- C:\aaw7boot.log [469494]

O44 - LFC:[MD5.BED04E53B8319B49A60507864554A498] - 13/11/2013 - 18:53:22 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [163188]

~ Files: 33 Legitimates Filtered in 00mn 06s

---\\ Last files created in Windows Prefetcher (O45)

O45 - LFCP:[MD5.5FEBE954025CF587D5BCECE913984404] - 13/11/2013 - 15:06:50 ---A- - C:\WINDOWS\Prefetch\MPN20.EXE-17D42507.pf

O45 - LFCP:[MD5.DE6DEDDD3213F43F9343FBC4F188B38A] - 13/11/2013 - 15:20:29 ---A- - C:\WINDOWS\Prefetch\_IU14D2O.TMP-25DAF620.pf

O45 - LFCP:[MD5.74D9E7D067E626B416829C49450E0BC9] - 13/11/2013 - 15:22:18 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-13F09820.pf

O45 - LFCP:[MD5.522FACC5CC243ABBD1910804EA3CB39D] - 13/11/2013 - 17:38:27 ---A- - C:\WINDOWS\Prefetch\ATI2SGAG.EXE-034D00DE.pf

O45 - LFCP:[MD5.E4A74DBA2FC6906F4654B1DFCEAAAD03] - 13/11/2013 - 9:09:03 ---A- - C:\WINDOWS\Prefetch\AD-AWAREADMIN.EXE-102E374C.pf

O45 - LFCP:[MD5.4DA852CD8FBE8DFF3E4319F96C4C5C46] - 13/11/2013 - 9:09:03 ---A- - C:\WINDOWS\Prefetch\THREATWORK.EXE-0F50642D.pf

O45 - LFCP:[MD5.9B5717277ACCA24A01875C0CB77AB90E] - 13/11/2013 - 9:17:58 ---A- - C:\WINDOWS\Prefetch\AAWTRAY.EXE-1858AE3F.pf

~ Prefetcher: 77 Legitimates Filtered in 00mn 00s

---\\ Operations and functions at Windows Explorer startup (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

~ IFEO: Scanned in 00mn 00s

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.9612CC2E08F8185179F2C225860BF942] - 4/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main-stuurprogramma.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.D9813A015C5CA62411B8E0A0167D00F2] - 4/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]

~ Drivers: 6 Legitimates Filtered in 00mn 00s

---\\ Last modified or created user files (O61)

O61 - LFC: 10/11/2013 - 18:59:28 -S-A- . (...) -- C:\Documents and Settings\Ik\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1343024091-1682526488-725345543-1004\ed024c1d62d832874946823704b45fe1_1e5812ec-0789-4e94-b7c4-4a68eee66903 [1333]

O61 - LFC: 12/11/2013 - 18:59:28 ---A- . (...) -- C:\Documents and Settings\Ik\Application Data\Microsoft\Windows\Themes\Custom.theme [6089]

O61 - LFC: 12/11/2013 - 18:59:28 -S-A- . (...) -- C:\Documents and Settings\Ik\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1343024091-1682526488-725345543-1004\88204f700c93dff7e059dd09a004fe10_1e5812ec-0789-4e94-b7c4-4a68eee66903 [1333]

O61 - LFC: 12/11/2013 - 18:59:28 -SHA- . (...) -- C:\Documents and Settings\Ik\Application Data\Microsoft\Internet Explorer\Desktop.htt [2692]

O61 - LFC: 12/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies [6144]

O61 - LFC: 12/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOCK [0]

O61 - LFC: 12/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [46]

O61 - LFC: 12/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db [7168]

O61 - LFC: 12/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old [142]

O61 - LFC: 12/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0 [8192]

O61 - LFC: 12/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1 [270336]

O61 - LFC: 12/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_2 [8192]

O61 - LFC: 12/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_3 [8192]

O61 - LFC: 12/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\index [262512]

O61 - LFC: 12/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data [12288]

O61 - LFC: 12/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager [13312]

O61 - LFC: 12/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [264]

O61 - LFC: 12/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts [12288]

O61 - LFC: 12/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144]

O61 - LFC: 12/11/2013 - 18:59:35 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp [13381686]

O61 - LFC: 13/11/2013 - 18:59:27 -S-A- . (...) -- C:\Documents and Settings\Ik\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1343024091-1682526488-725345543-1004\4f43b932a506a45fe55a18df0dc0703f_1e5812ec-0789-4e94-b7c4-4a68eee66903 [1333]

O61 - LFC: 13/11/2013 - 18:59:28 -SHA- . (...) -- C:\Documents and Settings\Ik\Application Data\Microsoft\Internet Explorer\UserData\index.dat [32768]

O61 - LFC: 13/11/2013 - 18:59:29 ---A- . (...) -- C:\Documents and Settings\Ik\Application Data\ZHP\HOSTS.txt [27] =>.Nicolas Coolman

O61 - LFC: 13/11/2013 - 18:59:29 ---A- . (...) -- C:\Documents and Settings\Ik\Application Data\ZHP\Log.txt [19563] =>.Nicolas Coolman

O61 - LFC: 13/11/2013 - 18:59:29 ---A- . (...) -- C:\Documents and Settings\Ik\Application Data\ZHP\TestsZHPDiag.txt [3109] =>.Nicolas Coolman

O61 - LFC: 13/11/2013 - 18:59:29 ---A- . (...) -- C:\Documents and Settings\Ik\Bureaublad\adaware.txt [40390]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Bureaublad\PC Helpforum - Gratis hulp bij computer problemen.url [178]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Bureaublad\ZHPDiag.lnk [1523] =>.Nicolas Coolman

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Bureaublad\ZHPFix.lnk [1628] =>.Nicolas Coolman

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Bureaublad\adaware2.txt [40392]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Bureaublad\mbam-log-2013-11-12 (18-08-13).txt [45088]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History [57344]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History-journal [512]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Bookmarks [47598]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [80896]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [4640]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session [69477]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs [45676]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [259]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT [16]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG [264]

O61 - LFC: 13/11/2013 - 18:59:30 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]

O61 - LFC: 13/11/2013 - 18:59:30 -SHA- . (...) -- C:\Documents and Settings\Ik\Bureaublad\Wat nog op uw Buroblad stond\2011_06_27\Thumbs.db [16384]

O61 - LFC: 13/11/2013 - 18:59:30 -SHA- . (...) -- C:\Documents and Settings\Ik\IECompatCache\index.dat [147456]

O61 - LFC: 13/11/2013 - 18:59:30 -SHA- . (...) -- C:\Documents and Settings\Ik\IETldCache\index.dat [262144]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000019 [354]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons [90112]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal [16384]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\History [110592]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache [884]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [16384]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.be_0.localstorage [3072]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.be_0.localstorage-journal [3608]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Managed Mode Settings [8]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor [16384]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal [3608]

O61 - LFC: 13/11/2013 - 18:59:31 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs [11264]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal [4640]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [87176]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [272]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000838 [434]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites [20480]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal [12824]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links [131072]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [86016]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal [10792]

O61 - LFC: 13/11/2013 - 18:59:32 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Local State [56526]

O61 - LFC: 13/11/2013 - 18:59:33 ---A- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [18420]

O61 - LFC: 13/11/2013 - 18:59:33 -SHA- . (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1343024091-1682526488-725345543-1004\Credentials [2986]

O61 - LFC: 13/11/2013 - 18:59:36 -SHA- . (...) -- C:\Documents and Settings\Ik\PrivacIE\index.dat [16187392]

~ 3 Fichiers temporaires (Temporary files)

~ 15 Fichiers cookies (Cookies files)

~ Files: 217 Legitimates Filtered in 00mn 21s

---\\ List all tools cleaner (LATC) (O63)

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

~ ADS: Scanned in 00mn 00s

---\\ List all legacy services(LALS) (O64)

O64 - Services: CurCS - 18/02/2013 - C:\WINDOWS\system32\drivers\avgtpx86.sys (avgtp) .(.AVG Technologies - No Comment.) - LEGACY_AVGTP

~ Legacy: 143 Legitimates Filtered in 00mn 00s

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {1C9DD383-2A29-43A1-ADD7-6F1D2B521DD6} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (CKF) (O82)

C:\Documents and Settings\Ik\Application Data\.minecraft\Minecraft Beta Cracked.exe

C:\Documents and Settings\Ik\Application Data\.minecraft\Minecraft Beta Cracked.exe

~ Files: Scanned in 01mn 17s

---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.1FFB2EBE1F95C5E5AEC1512EA686049C] [sPRF][29/08/2012] (...) -- C:\Documents and Settings\Ik\Local Settings\Application Data\dt.dat [27520]

[MD5.73709547A3B136DE4FCFDE3EF78C1B8F] [sPRF][28/02/2012] (...) -- C:\Documents and Settings\Ik\Application Data\PnkBstrK.sys [138056]

[MD5.8C27D71B2F6719136407C525ECF18D51] [sPRF][25/10/2013] (...) -- C:\Documents and Settings\Ik\Bureaublad\adwcleaner.exe [1060070]

[MD5.B4F3EDB46D7D06E0466B5DF57F10158E] [sPRF][25/08/2009] (...) -- C:\Documents and Settings\Ik\Bureaublad\revosetup.exe [1079272]

~ Files: 12 Legitimates Filtered in 00mn 00s

---\\ Product Upgrade Codes (PUC) (O90)

O90 - PUC: "342C9E3FE221B6D4CA1C1EEF0CF2C61A" . (.Command and ConquerTM Generals Zero Hour.) -- C:\WINDOWS\Installer\{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}\ARPPRODUCTICON.exe

~ Update Products: 127 Legitimates Filtered in 00mn 00s

---\\ Windows Installer Scan (WIS) (O93) (NTFS)

[MD5.86D7C17939A45DF9A3D5669AB51916DE] [WIS][15/08/2011] (.Bandoo Media Inc. - iLivid Installation.) -- C:\Windows\Installer\2e1d42.msi [262656] =>Adware.Bandoo

[MD5.B83FA5714D167811B82497D826F598AD] [WIS][25/12/2010] (.Movavi - Movavi Video Converter 10.) -- C:\Windows\Installer\319ade.msi [11216896]

[MD5.A066516E9D30D50C8C454E30227899B5] [WIS][1/02/2013] (.SoftTruck - CargoWiz.) -- C:\Windows\Installer\50129c.msi [10836992]

[MD5.EB1EF515E4EDA542BA37AEFC2E0EE6D8] [WIS][1/02/2013] (.Logen Solutions - CUBEMA~1|CubeMaster Enterprise Edition 30 Days Trial.) -- C:\Windows\Installer\694914.msi [11066880]

~ WIS: 142 Legitimates Filtered in 00mn 11s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

SS - | Auto 11/02/2010 602112 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe

SS - | Auto 10/02/2010 593920 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe

SS - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe

SS - | Auto 10/04/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 10/04/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 16/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

SS - | Demand 9/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

SS - | Demand 23/09/2012 1737728 | (Lavasoft Ad-Aware Service) . (.Lavasoft Limited.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

SS - | Auto 28/02/2012 75136 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe

~ Services: Scanned in 00mn 12s

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Run by Ik at 13/11/2013 19:01:14

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys

1 nt!IofCallDriver[0x804E13B9] >> \Device\Harddisk0\DR0[0x8675CAB8]

kernel: MBR read successfully

user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Ik at 13/11/2013 19:01:16

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)

Database Version : 12994 - (12/11/2013)

Clés trouvées (Keys found) : 5

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 4

Fichiers trouvés (Files found) : 1

[HKLM\Software\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn] =>P2P.BitTorrent^

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E0C8759C69912A4485AD49572CE7CA3] =>Adware.Bandoo

[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar] =>Toolbar.DVDVideoSoft

C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn =>P2P.BitTorrent^

C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820} =>Toolbar.Conduit

C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate =>PUP.Tarma

C:\Program Files\FrostWire\OpenCandy =>Adware.OpenCandy

C:\Windows\Installer\2e1d42.msi =>Adware.Bandoo^

~ Additionnel Scan: 289648 Items scanned in 00mn 18s

---\\ Summary of the detections found on your workstation

~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo

~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask

~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit

~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma

~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy

~ MSI: 5 link(s) detected in 00mn 18s

~ 1366 Legitimates filtered by white list

End of the scan (590 lines in 03mn 57s)(2)

Link naar reactie
Delen op andere sites

Start ZHPFix opnieuw.

Kopieer de tekst in het code-veld volledig:

Script ZHPFix 
[HKLM\Software\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn] =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E0C8759C69912A4485AD49572CE7C A3] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar] =>Toolbar.DVDVideoSoft
C:\Documents and Settings\Ik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn =>P2P.BitTorrent^
C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820} =>Toolbar.Conduit
C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate =>PUP.Tarma
C:\Program Files\FrostWire\OpenCandy =>Adware.OpenCandy
C:\Windows\Installer\2e1d42.msi =>Adware.Bandoo^
shortcutfix
emptytemp
emptyflash
emptyjava


Dubbelklik de snelkoppeling: ZHPFix

Druk op de button "Import"

Druk daarna onderaan op de knop "Go".

De fix zal beginnen post het resultaat ZPHFix[r2].txt

Link naar reactie
Delen op andere sites

@juisterr,

k'denk dat het het juiste logje is want ik heb er twee gekregen, daarom ook nog te tweede

thx djdanvan

Rapport de ZHPFix 2013.11.12.4 par Nicolas Coolman, Update du 12/11/2013

Fichier d'export Registre :

Run by Ik at 13/11/2013 20:44:20

High Elevated Privileges : OK

Windows XP Home Edition Service Pack 3 (Build 2600)

Recycle Bin emptied (00mn 05s)

Repair of browser shortcuts

========== Registry keys ==========

REMOVES: HKLM\Software\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn

REMOVES: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

REMOVES: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

REMOVES: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar

========== Folders ==========

REMOVES: c:\documents and settings\all users.windows\application data\{9cd61942-8da1-4781-925c-4fe1471e0820}

REMOVES: c:\documents and settings\all users.windows\application data\installmate

REMOVES: c:\program files\frostwire\opencandy

Deletes temporary Windows (2) (0 octets)

REMOVES Flash Cookies (1) (0 octets)

========== Files ==========

REMOVES: C:\Windows\Installer\2e1d42.msi

Deletes temporary Windows (0) (0 octets)

REMOVES Flash Cookies (0) (0 octets)

========== Other ==========

NON-TREATY emptyjava

========== Summary ==========

4 : Registry keys

5 : Folders

3 : Files

1 : Other

End of clean in 00mn 06s

========== Path to file report ==========

C:\Documents and Settings\Ik\Application Data\ZHP\ZHPFix[R1].txt - 13/11/2013 20:44:25 [1457]

----------------------------------------------------------------------------------------------------

Rapport de ZHPFix 2013.11.12.4 par Nicolas Coolman, Update du 12/11/2013

Fichier d'export Registre : C:\Documents and Settings\Ik\Application Data\ZHP\ZHPExportRegistry-13-11-2013-20-44-26.txt

Run by Ik at 13/11/2013 20:44:20

High Elevated Privileges : OK

Windows XP Home Edition Service Pack 3 (Build 2600)

Recycle Bin emptied (00mn 05s)

Repair of browser shortcuts

========== Registry keys ==========

REMOVES: HKLM\Software\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn

REMOVES: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

REMOVES: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

REMOVES: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar

========== Folders ==========

REMOVES: c:\documents and settings\all users.windows\application data\{9cd61942-8da1-4781-925c-4fe1471e0820}

REMOVES: c:\documents and settings\all users.windows\application data\installmate

REMOVES: c:\program files\frostwire\opencandy

Deletes temporary Windows (2) (0 octets)

REMOVES Flash Cookies (1) (0 octets)

========== Files ==========

REMOVES: C:\Windows\Installer\2e1d42.msi

Deletes temporary Windows (0) (0 octets)

REMOVES Flash Cookies (0) (0 octets)

========== Other ==========

NON-TREATY emptyjava

 

========== Summary ==========

4 : Registry keys

5 : Folders

3 : Files

1 : Other

 

End of clean in 00mn 06s

========== Path to file report ==========

C:\Documents and Settings\Ik\Application Data\ZHP\ZHPFix[R1].txt - 13/11/2013 20:44:25 [1457]

- - - Updated - - -

Ik haak hier af, want op gebied van veiligheid ben je veel beter af bij Juisterr dan bij deze simpele mus...

succes nog (maar dat zal wel lukken :-) )

(Juisterr : verzorg hem goed hé? xD )

alvast dank hoor, djdanvan uit jabbeke

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.