Traag opstarten

[Knip]

ComboFix 14-01-04.03 - rokn01 04-01-2014 19:47:42.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2038.1287 [GMT 1:00]

Gestart vanuit: c:\documents and settings\rokn01\Desktop\ComboFix.exe

AV: F-Secure Client Security 11.00 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Client Security 11.00 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\jebr02\WINDOWS

c:\documents and settings\rokn01\System

c:\documents and settings\rokn01\System\win_qs8.jqx

c:\windows\IsUn0413.exe

c:\windows\XSxS

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-12-04 to 2014-01-04 ))))))))))))))))))))))))))))))

.

.

2014-01-04 10:56 . 2014-01-04 10:24 24064 ----a-w- c:\windows\zoek-delete.exe

2014-01-04 10:24 . 2014-01-04 10:50 -------- d-----w- C:\zoek_backup

2013-12-22 18:03 . 2013-12-26 08:42 -------- d-----w- c:\documents and settings\rokn01\Application Data\uTorrent

2013-12-07 20:49 . 2013-12-07 20:49 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\LEGO

2013-12-07 20:47 . 2013-12-07 20:47 -------- d-----w- c:\program files\IVI Foundation

2013-12-07 20:47 . 2013-12-07 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\IVI Foundation

2013-12-07 20:45 . 2013-12-07 20:45 -------- d-----w- c:\program files\LEGO Software

2013-12-07 20:44 . 2013-12-07 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\LEGO MINDSTORMS EV3

2013-12-07 20:44 . 2013-12-07 20:44 -------- d-----w- c:\program files\National Instruments

2013-12-07 20:43 . 2013-12-07 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\National Instruments

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-12 09:14 . 2012-05-09 08:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-12-12 09:14 . 2012-05-09 08:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-11-13 02:59 . 2009-06-30 23:00 150528 ----a-w- c:\windows\system32\imagehlp.dll

2013-11-07 05:38 . 2009-06-30 23:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-11-06 01:03 . 2009-06-30 15:19 7168 ----a-w- c:\windows\system32\xpsp4res.dll

2013-10-30 02:26 . 2009-06-30 23:01 1879040 ----a-w- c:\windows\system32\win32k.sys

2013-10-29 07:57 . 2009-06-30 23:01 920064 ----a-w- c:\windows\system32\wininet.dll

2013-10-29 07:57 . 2009-06-30 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-10-29 07:57 . 2009-06-30 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-10-29 07:57 . 2009-06-30 23:00 18944 ----a-w- c:\windows\system32\corpol.dll

2013-10-29 00:45 . 2009-06-30 23:00 385024 ----a-w- c:\windows\system32\html.iec

2013-10-23 23:45 . 2009-06-30 23:00 172032 ----a-w- c:\windows\system32\scrrun.dll

2013-10-12 15:56 . 2009-06-30 23:00 278528 ----a-w- c:\windows\system32\oakley.dll

2013-10-09 13:12 . 2009-06-30 23:00 287744 ----a-w- c:\windows\system32\gdi32.dll

2013-10-07 10:59 . 2009-06-30 23:00 603136 ----a-w- c:\windows\system32\crypt32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2009-10-08 53600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-09 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-09 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-09 135680]

"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]

"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]

"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]

"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2013-06-25 348608]

"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2013-06-25 1878976]

"InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"="c:\program files\National Instruments\Shared\NIUninstaller\InstallValidator.exe" [2013-06-19 265096]

"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2009-02-04 78848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-3-22 40048]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-3-22 734872]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\AT&T Global Network Client\\SwiApiMux.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AT&T Global Network Client\\NetClient.exe"=

"c:\\Documents and Settings\\rokn01\\Desktop\\utorrent.exe"=

"c:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"=

"c:\\Program Files\\LEGO Software\\LEGO MINDSTORMS EV3 Home Edition\\MindstormsEV3.exe"=

"c:\\Documents and Settings\\rokn01\\Application Data\\uTorrent\\uTorrent.exe"=

.

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [29-4-2013 12:12 44240]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [29-4-2013 12:12 83360]

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-2-2007 19:00 26624]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [11-12-2013 12:30 73328]

R2 fsdevcon;F-Secure Device Control Daemon;c:\program files\F-Secure\Device Control\fsdevcon32.exe [29-4-2013 12:12 411584]

R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [22-8-2012 19:48 158832]

R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Global Network Client\NetClientSvc.exe [8-10-2009 12:48 342368]

R2 SnowInventoryClient;Snow Inventory Client;c:\program files\INVENTORYCLIENT\client.exe [28-10-2013 17:50 3359744]

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18-9-2009 17:48 9216]

R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7-2-2007 19:00 3712]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [29-4-2013 12:12 146472]

R3 fsni;fsni;c:\program files\F-Secure\NIF\bin\fsnixp32.sys [29-4-2013 12:12 50728]

R3 fsnitdi;fsnitdi;c:\program files\F-Secure\NIF\bin\fsnitdi32.sys [29-4-2013 12:12 24104]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [29-4-2013 12:12 60352]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [8-6-2007 7:36 81280]

S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [30-6-2009 16:22 96256]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27-8-2010 14:23 112640]

S3 gtermddo;gtermddo;\??\c:\docume~1\rokn01\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\rokn01\LOCALS~1\Temp\gtermddo.sys [?]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27-8-2010 14:30 100480]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17-5-2010 13:10 7680]

S3 NetLogSvc;NetLogSvc;c:\progra~1\AT&TGL~1\NETLOG~1.EXE [8-10-2009 12:48 75616]

S3 ProService8.3B;ProService for 8.3B;c:\dlc\bin\prosrvc.exe [18-11-2011 9:40 30208]

S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [30-6-2009 16:22 65664]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [29-4-2013 12:12 40256]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [29-4-2013 12:12 25536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-06 10:46 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2014-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 09:14]

.

2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 19:29]

.

2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 19:29]

.

2014-01-04 c:\windows\Tasks\User_Feed_Synchronization-{2BFC4E6F-924A-48AF-93FE-87A96F6D8FC7}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

2014-01-04 c:\windows\Tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

2014-01-04 c:\windows\Tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

2014-01-04 c:\windows\Tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files\PokerStars.EU\PokerStarsUpdate.exe

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://84.54.135.77/activex/AMC.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

c:\documents and settings\rokn01\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk - c:\documents and settings\rokn01\Local Settings\temp\{3E401CE9-6822-4CC3-8897-8005C492AF66}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=NLD /PRNM="RollerCoaster Tycoon 3"/PRMP="RCT3"/SKUN="PCXX"/GTYP="STRY"

AddRemove-ClientAccessExpressAFP Viewer - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressAFPPrinterDriver - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressAS400OperationsConsole - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressDirectoryUpdate - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressEmulator - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressEmulatorPdfPdt - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressEZSetup - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressFileTransferBase - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressFileTransferExcel - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressFileTransferWK4 - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressIRC - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressJavaToolbox - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressJRE - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressODBC - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOLEDB - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOnlineUsersGuide - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavAdmin - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavAFPMan - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavAppDev - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavBackup - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavBase - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavBasicOp - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavCABase - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavCommands - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavDatabase - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavFileSys - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavJobMan - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavLogSys - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavMonitors - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavNetworks - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavPackProd - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavSecurity - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavSysConfig - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavToolkit - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressOpNavUandG - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressREDIST - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressRequiredPrograms - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressSCSPrinterDriver - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressSPCOMP - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressTJ - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressToolkit - c:\windows\IsUn0413.exe

AddRemove-ClientAccessExpressVBW - c:\windows\IsUn0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2014-01-04 19:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(556)

c:\program files\f-secure\hips\fshook32.dll

c:\windows\system32\igfxdev.dll

.

Voltooingstijd: 2014-01-04 19:58:47

ComboFix-quarantined-files.txt 2014-01-04 18:58

ComboFix2.txt 2010-10-13 21:43

ComboFix3.txt 2010-10-11 15:49

.

Pre-Run: 37.147.299.840 bytes free

Post-Run: 37.123.178.496 bytes free

.

- - End Of File - - A659DAFFEBFFCC86702C3D1DE426D09C

16AAED9FF9BD7B064230E4D89FDC8B05

[kape]

En hoe gaat het nu met het opstarten nà het scannen met deze Combofix ?

5 januari 2014 aangepast door kape

[Knip]

Heel stuk beter inmiddels hij zal ea hebben verwijderd / rechtgezet

[kape]

Download AdwCleaner by Xplode naar het bureaublad.

AdwCleaner uitvoeren

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op de knop Scan.
  
• Wanneer de scan gereed is Klikt u vervolgens op de knop Clean.
  
• Als dit gereed is wordt er gevraagd om de computer opnieuw op te starten, klik hier op OK.
  
• Nadat de computer opnieuw is opgestart wordt het logbestand automatisch geopend.
  
• Plaats dit logbestand in het volgende bericht.
  

[Knip]

# AdwCleaner v3.016 - Report created 05/01/2014 at 14:12:18

# Updated 23/12/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : rokn01 - LT21776

# Running from : C:\Documents and Settings\rokn01\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\FLEXnet

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [1871 octets] - [05/01/2014 14:09:56]

AdwCleaner[s0].txt - [1456 octets] - [05/01/2014 14:12:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1516 octets] ##########

[kape]

Download de Junkware Removal Tool by Thisisu naar je bureaublad.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met JRT

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

• Dubbelklik op JRT.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• De tool zal vervolgens het systeem scannen.
  
• De scan kan afhankelijk van je systeemspecificaties soms vrij lang duren, wacht geduldig af.
  
• Als de scan gereed is zal er een logje (JRT.txt) op het bureaublad opgeslagen worden en automatisch worden geopend.
  
• Post de inhoud van deze log in je volgende bericht als bijlage.
  

[Knip]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.9 (01.01.2014:1)

OS: Microsoft Windows XP x86

Ran by rokn01 on zo 05-01-2014 at 17:42:23,70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\rokn01\Application Data\getrighttogo"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on zo 05-01-2014 at 17:52:28,98

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[kape]

Dan zijn we nu zo'n beetje rond met de mogelijkheden om 1. de malware te verwijderen en 2. de snelheid te verhogen. Hoe loopt alles nu ?

[Knip]

Heel stuk beter en sneller, super !

[kape]

Mooi zo ... dan mag je de gebruikte tools nog verwijderen:

Download Delfix by Xplode naar het bureaublad.

Dubbelklik op Delfix.exe om de tool te starten.

Zet nu vinkjes voor de volgende items:

• Remove disinfection tools
  
• Purge System Restore
  
• Reset system settings
  

Klik nu op "Run" en wacht geduldig tot de tool gereed is.

Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft u echter niet te plaatsen.

Indien dit allemaal probleemloos verlopen is en je binnen dit topic verder geen vragen of problemen meer hebt, mag je dit onderwerp afsluiten door een klik op de knop "Markeer als opgelost", die je links onderaan kan terugvinden … zo blijft het voor iedereen overzichtelijk.