Janey

Member
  • Items

    10
Janey's achievements

  1. I took another good look through my IE and was eventually able to remove the Hyves accelerators. I already wanted to remove Internet Explorer when I got my computer, but when I click remove I get a list of all the programs that were installed after IE (that is roughly every program I have on my computer), with the message that if I remove IE there is a chance the other programs will stop working too. So I just cancelled it.
  2. Haha, that's good to hear! No, unfortunately it isn't on Firefox. I think the previous user of this computer downloaded Internet Explorer via hyves.nl and 'fell for it' that way. I don't like all those toolbars at all (they also seemed to me like asking for viruses), and back when I got this computer I downloaded Firefox, when I couldn't manage to remove the toolbars. Fortunately the rest of the toolbars are gone now, at least. When I open Explorer I don't see the Hyves toolbar, strangely enough. I also don't know where to look; I haven't used Explorer for 5 years, haha. Still no virus in sight. I did get the following error during the Emsisoft scan: I don't really understand what it means, but I upgraded Avira, so it should be fine now?
  3. tada: Edit: I just noticed that I had already removed it in my previous HijackThis log (see the previous page of this topic). I'm afraid it won't be present in this log either, then.
  4. Well, not much.. Strangely enough I can't locate my Avira log right now, but nothing was found, except 30 'warnings' (stupid that I can't find my log). MBAM didn't find anything either. And so far no Avira window has popped up reporting that a virus was found.. I'm still a bit sceptical and will scan with ESET tomorrow (so to be safe I'll wait a bit before marking the topic as 'solved'). I also got straight on with cleaning up and removing programs I never use anyway. And my computer really is much faster. The only small point is that the Hyves toolbar just won't be removed. I did delete the folder, but realised afterwards that I could have used ComboFix to remove the program using the location of the folder, haha. But I don't get the impression that not being able to remove it is due to a virus.. Thank you very much for the help! I think I'll hang around here for a while; I like this forum and I can still learn a lot ;-)
  5. Yes, that's right. I had also downloaded Avast to check whether all the viruses were now really gone. I have already removed all registry cleaners except CCleaner. I read a topic about this on this forum with the conclusion :-) What I find striking is that the Trojan horse that now keeps coming back is found in windows/temp/_avast_. In other words, avast as in the Avast virus scanner... Maybe the solution is to uninstall Avast and then let CCleaner loose to remove things in temp? /////// I did still manage to do a 'smart' scan with Emsisoft. Emsisoft log: ESET log:
  6. I deleted everything from Avira's quarantine, and removing heretic was also successful. Scanning with the Emergency Kit 1.0 doesn't work, however. I have now tried it 2 times. As soon as the scanner reaches 20%, the window with the scan process disappears (the start window does stay open). It does scan very thoroughly: by the time it was at 15%, 48 objects had already been found. No Trojan horse yet, by the way. Unfortunately I can't find anything in the quarantine. I also keep hearing from Avira now and then that it has found a Trojan horse. Could it be that for this scanner I also have to disable my other spyware/antivirus again, and that this is the cause? Or does this have to do with the virus itself? Edit 1: I just ran a quick scan. That did work. It just wasn't able to remove all of the cookies. This is the report:
Data\Mozilla\Firefox\Profiles\lh8abi7t.default\cookies.sqlite:1332665099593002 Ontdekt: Trace.TrackingCookie.tribalfusion.com!A2 C:\Documents and Settings\Hans\Application Data\Mozilla\Firefox\Profiles\lh8abi7t.default\cookies.sqlite:1332682624078000 Ontdekt: Trace.TrackingCookie.m.webtrends.com!A2 C:\Documents and Settings\Hans\Application Data\Mozilla\Firefox\Profiles\lh8abi7t.default\cookies.sqlite:1332748782015000 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2 Gescand Bestanden: 632 Sporen: 467090 Cookies: 638 Processen: 71 Gevonden Bestanden: 0 Sporen: 14 Cookies: 34 Processen: 0 Registersleutels: 0 Scan Geëindigd: 26/03/2012 10:13:40 Scantijd: 0:01:56 Key: HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09BD51AE-7E02-4916-9B12-647A92C02B7F} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\CLSID\{72FE8681-0BFA-471b-9B2A-B37ED68DD09E} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\CLSID\{83453071-3F9C-4ab0-BE30-EDA368D7976D} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BD04DAE2-8C1B-4cc5-9E06-22DE05C2EDA0} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{83453070-3F9C-4AB0-BE30-EDA368D7976D} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{FE063DBA-4EC0-403E-8DD8-394C54984B2C} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{BD04DAE0-8C1B-4CC5-9E06-22DE05C2EDA0} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{FE063DB0-4EC0-403E-8DD8-394C54984B2C} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Ext\PreApproved\{83453071-3F9C-4ab0-BE30-EDA368D7976D} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DBB-4EC0-403e-8DD8-394C54984B2C} Verwijderd Trace.Registry.AskTBar!A2 Key: 
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C} Verwijderd Trace.Registry.AskTBar!A2 Key: HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Verwijderd Trace.Registry.AskTBar!A2 Value: HKEY_CURRENT_USER\Software\zylom\Games\29\zgw --> dgfilename Verwijderd Trace.Registry.GameFiesta Babel Deluxe!A2 c:\program files\eGames Verwijderd Trace.Directory.Bling-O!A2 Verwijderd Bestanden: 0 Sporen: 14 Cookies: 64
  7. Under uninstall it says: C:\DOSprog\Hereticje, and when I search I find this: Thank you very much for the help. I was just stupid enough to forget to disable my SUPERAntiSpyware (the rest was disabled)... Should I run ComboFix again? Update: Real-time protection in SUPERAntiSpyware was in fact disabled. As far as I understood from the internet, you can close it and then it is completely disabled... To be safe I ran ComboFix once more. This time I don't think anything was removed..
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-05-28 07:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-10-06 14:38 1617920 -c--a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\NetMeeting\\Conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Messenger\\Msmsgs.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= 
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\IBM\\SPSS\\Statistics\\20\\WinWrapIDE.exe"= "c:\\Program Files\\IBM\\SPSS\\Statistics\\20\\stats.exe"= "c:\\Program Files\\IBM\\SPSS\\Statistics\\20\\stats.com"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/03/2012 20:03 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/03/2012 20:03 337880] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20:25 12872] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10/05/2010 20:41 67656] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29/01/2010 20:51 108289] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/03/2012 20:03 20696] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27/08/2009 17:09 1253376] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/03/2012 10:55 652360] R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [30/10/2006 11:14 1105664] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/03/2012 10:55 20464] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [30/10/2006 11:22 7040] S2 gupdate1c9b2012369ea28;Google Updateservice (gupdate1c9b2012369ea28);c:\program files\Google\Update\GoogleUpdate.exe [31/03/2009 15:03 133104] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX 
Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7/08/2008 11:10 3276800] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/03/2009 15:03 133104] S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\DRIVERS\SPC220NC.SYS --> c:\windows\system32\DRIVERS\SPC220NC.SYS [?] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - AAWSERVICE . Inhoud van de 'Gedeelde Taken' map . 2012-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 13:03] . 2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 13:03] . 2012-03-25 c:\windows\Tasks\HP Usg Daily.job - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 10:33] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.ziggo.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\Hans\Application Data\Mozilla\Firefox\Profiles\lh8abi7t.default\ FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: avast! 
WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Destroy the Web: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} - %profile%\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532} FF - user.js: network.proxy.type - 0 FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,); FF - user.js: network.proxy.no_proxies_on - . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-25 15:21 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-909846072-1415281087-2201200390-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(676) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(1804) c:\progra~1\WINDOW~3\wmpband.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
Voltooingstijd: 2012-03-25 15:27:48 ComboFix-quarantined-files.txt 2012-03-25 13:27 ComboFix2.txt 2012-03-25 12:20 . Pre-Run: 238.978.920.448 bytes beschikbaar Post-Run: 239.463.616.512 bytes beschikbaar . - - End Of File - - 836D4B723E2A300D2E8DB28C612E5750 Update / edit 2: Maybe track down the virus via safe mode? I just have no idea how that works. I have never used safe mode, I have only heard of it. (tr/crypt/XPACK.gen) or Zpack keeps coming back. Always the same location: C:\WINDOWS\temps\_avast_\unp7947506.tmp Edit 3: A few Trojan horses (xpack / zpack) are also still in quarantine in Avira (so not deleted). Maybe this has something to do with it..?
  8. It refuses to remove the Ask Toolbar. It says: cannot find the specified module. CCleaner says the same. When I try to delete the folder, it says: Cannot delete A5SRCHAS.DLL. Access denied. Check whether the disk is full or write-protected or whether the file is currently in use. While scanning the registry.. with MBAM, Avira found 3 Trojan horses. I deleted them. Could it be that Avira is disrupting MBAM's scan process? My MBAM log: Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.03.25.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Hans :: MEDION [administrator] Realtime bescherming: Ingeschakeld 25/03/2012 11:00:20 mbam-log-2012-03-25 (11-00-20).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 229558 Verstreken tijd: 10 minuut/minuten, 3 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 2 C:\Documents and Settings\Hans\Mijn documenten\Downloads\installer_doom_3.exe (PUP.Adbunbler) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Hans\Mijn documenten\Downloads\installer_doom_3_patch.exe (PUP.Adbunbler) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) When opening HijackThis and scanning, another Trojan horse detection (tr/crypt/XPACK.gen). The same one as when scanning with MBAM.
It can be found here: C:\WINDOWS\temps\_avast_\unp7947506.tmp HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:34:03, on 25/03/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\system32\CAP3RSK.EXE C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Fighters\Tray\FightersTray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\MindfulClock\Mfclock.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ziggo.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment 
vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB003" /M "Stylus D68" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe O4 - HKLM\..\Run: [Malwarebytes' 
Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MindfulClock] "C:\Program Files\MindfulClock\Mfclock.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu 
item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162215196484 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google 
Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b2012369ea28) (gupdate1c9b2012369ea28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 16233 bytes Update: I also went through my list of programs to check for possibly untrustworthy programs. In doing so I came across a computer game that I cannot remove. When I click remove, my avast! reacts. The program is opened in the sandbox, because it considers the program untrustworthy (though not enough evidence of malware). I am, however, fairly sure that this program is a problem. 
I have also clicked uninstall several times; this then runs, but afterwards the program stays in the list and so is still not removed.
  9. Thanks for the quick reply. This is what I got (I should add that while downloading, installing and opening the program my Avira antivirus again detected Trojan horses <I deleted them>): Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:20:46, on 25/03/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\CAP3RSK.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\MindfulClock\Mfclock.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE C:\Program Files\Desktop Calendar Reminder\Desktop Calendar Reminder.exe C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE C:\Program Files\Microsoft 
Office\Office12\ONENOTEM.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\Fighters\Tray\FightersTray.exe C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ziggo.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: TBSB00081 - {32B279E3-5023-4CD8-A295-70C79EDBB294} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Hyves Toolbar - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB003" /M "Stylus D68" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: 
[CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MindfulClock] "C:\Program Files\MindfulClock\Mfclock.exe" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-21-909846072-1415281087-2201200390-500\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" (User 'Administrator') O4 - HKUS\S-1-5-21-909846072-1415281087-2201200390-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'Administrator') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Google Search - 
res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162215196484 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google 
Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: Google Updateservice (gupdate1c9b2012369ea28) (gupdate1c9b2012369ea28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 17808 bytes
  10. Hi, I hope someone here can help me. There are Trojan horses on my computer. My SUPERAntiSpyware finds nothing. Neither does my Avast!. But when I let Avast scan, my Avira antivirus constantly detects Trojan horses, including generic, spy and banloader. I then delete these. I have also let a few registry cleaners loose on it. They find a really huge number of errors (about 1500). Among them I also came across a few names containing words like spy and worm. I just can't repair everything, because then you have to buy the program. In other words, there is definitely something there... But how do I get rid of it? I have no idea what else I can do. I hope you can help me :-) P.S. I know very little about this.