
Pizza_heidi

Member
  • Items

    39
  • Registration date

  • Last visited

Pizza_heidi's achievements

  1. No! Great, I hadn't expected it so quickly. I've also just installed CCleaner, so we're clean again. Thank you very much for your quick help!
  2. Here it is... [ATTACH]24608[/ATTACH] AdwCleaner[S1].txt
  3. Hi Kape, last time you were my rescuer in need too. I hope you can do something with this: hijackthis.log mbam-log-2013-03-15 (19-48-23).txt
  4. That was quick, thank you... I thought I couldn't save my log, but here it is: [ATTACH]24601[/ATTACH] hijackthis 1.txt
  5. Hello, I've been helped here with this virus before. Now, however, it's on my daughter's laptop. I thought I'd send along a HijackThis log right away, but then I get an error message: [ATTACH]24600[/ATTACH] Hope someone can help me, what a rotten Claro!!! hijack foutmelding.docx
  6. Well Kape, I had it scanned 3 times with ESET; it is now completely clean and still working fine! (I'm still trembling a little, mind you, but I'm getting more and more confident! ;-)). So hereby: thank you very, very, veeeeery much for your time and effort! Problem solved!!!
  7. I'm almost starting to hope that we've got it! I had no trouble tonight... Restarting again tomorrow evening, fingers crossed; that would be really great! I'll let you know tomorrow!
  8. Well, I kept at it last night and managed to remove the 2nd AVG 2013 with CCleaner. Strangely enough, I can now only start it up in safe mode (!). I don't think there's much else for it but to format. I ran a search for AVG, but so much still shows up that it doesn't fit in 1 screenshot?
  9. The day before yesterday I managed to remove one of them, don't ask me how; I think I used the removal tool about 15 times. The other one still stubbornly remains... as do the 3 tabs
  10. Here I am again with the result:
  11. Done, here it comes:
  12. Nothing to be found in any of them/empty. I do get the impression that things go well as long as I don't sign in to Chrome (not entirely sure). That AVG doesn't sit well with me either, because the 2nd and 3rd tabs are from AVG. Any more options? By the way, I removed Chrome and reinstalled it; that didn't help either...
  13. Hi Kape, the Claro in my browser just keeps showing up. I also can't get the AVG programs removed with the special tool??
  14. Grrrrrr, back to square one! I really thought it was fine, but now suddenly I can't get on the internet (I can in safe mode) and the tabs are showing up again. There are still 2 x AVG 2013 in my list of programs that I can't remove. For clarity I've added a photo in which you can see my programs and the tabs I mean. Thanks in advance once again! - - - Updated - - - I ran AdwCleaner once more, here is my log file: