opstartherstel mislukt

[anoniem]

Ik hoop dat iemand mij kan en wil helpen met het volgende probleem: Het is allemaal begonnen met foutmeldingen "ongeldige installatiekopie", dit bij het opstarten van mijn laptop en vervolgens bij het starten van verschillende programma's. Op aanraden van één van de leden heb ik een systeemherstel toegepast. Het probleem leek opgelost, maar bij opnieuw opstarten kom ik telkens in "opstartherstel" terecht. (zie topic http://forum.computertotaal.nl/phpBB/viewtopic.php?p=1453006#1453006) Vervolgens gescand met Malwarebytes, Anti-Malware en Hijackthis. Hieronder de resultaten. Is er een reddende engel voor mij aanwezig? Alvast bedankt! Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 6479 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.19048 30-4-2011 20:10:41 mbam-log-2011-04-30 (20-10-41).txt Scantype: Volledige scan (C:\|E:\|) Objecten gescand: 324946 Verstreken tijd: 51 minuut/minuten, 53 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 4 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 2 Mappen geïnfecteerd: 2 Bestanden geïnfecteerd: 7 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDNS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultDns (Adware.ResultDNS) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully. Mappen geïnfecteerd: c:\programdata\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully. c:\program files\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\programdata\resultdns\resultdns115.exe (Adware.ResultDNS) -> Quarantined and deleted successfully. c:\program files\resultdns\resultdns.exe (Adware.ResultDNS) -> Quarantined and deleted successfully. c:\program files\resultdns\uninstall.exe (Adware.ResultDNS) -> Quarantined and deleted successfully. c:\program files\youruninstaller2008\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully. c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Emsisoft Anti-Malware - Versie 5.1 Laatste Update: 1-5-2011 15:28:09 Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\, E:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 1-5-2011 15:28:36 C:\Users\Annelie\Documents\keygen etc\Gamehouse\Gamehouse_Patch.exe Ontdekt: Trojan.Generic!IK C:\Users\Annelie\Documents\keygen etc\Reflexive\!!Universal Reflexive Key Generator!!.exe Ontdekt: Virus.Win32.Trojan!IK C:\Users\Annelie\Downloads\rcoasterty.rar/rcoasterty\rcttrn.EXE Ontdekt: BehavesLikeWin32.RemoteInjector!IK C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.dll Ontdekt: Riskware.AdWare.Win32.Zwangi!IK C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.exe Ontdekt: BHO.Win32.Zwangi!IK Gescand Bestanden: 399666 Sporen: 399197 Cookies: 1 Processen: 22 Gevonden Bestanden: 6 Sporen: 0 Cookies: 0 Processen: 0 Registersleutels: 0 Scan Geëindigd: 1-5-2011 18:25:54 Scantijd: 2:57:18 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.exe In Quarantaine BHO.Win32.Zwangi!IK C:\Users\Annelie\Downloads\rcoasterty.rar/rcoasterty\rcttrn.EXE In Quarantaine BehavesLikeWin32.RemoteInjector!IK C:\Users\Annelie\Documents\keygen etc\Reflexive\!!Universal Reflexive Key Generator!!.exe In Quarantaine Virus.Win32.Trojan!IK C:\Users\Annelie\Documents\keygen etc\Gamehouse\Gamehouse_Patch.exe In Quarantaine Trojan.Generic!IK In Quarantaine Bestanden: 6 Sporen: 0 Cookies: 0 Verwijderd Bestanden: 1 Sporen: 0 Cookies: 0 Dit kon niet verwijderd worden: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.dll - File not found Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:31:20, on 2-5-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19048) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file) O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Free YouTube Download - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file) O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file) O23 - Service: AVGIDSAgent - AVAST Software - (no file) O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - (no file) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Common Toolkit Tools - Unknown owner - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (file missing) O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 12584 bytes

[anoniem]

Hallo Eline, een van de problemen in jouw Windows is een conflict dat resten van AVG hebben met Avast! Ter verdere informatie: we gaan ComboFix gebruiken. Je leest aandachtig onderstaande en je download ComboFix naar je bureaublad en verder doe je nog niks, want via een script gaan we AVG definitief uit jouw Windows halen middels ComboFix! 1) [b:53e7ecd818]Welk programma[/b:53e7ecd818]: ComboFix [b:53e7ecd818]Waarvoor/waarom[/b:53e7ecd818]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:53e7ecd818]Moeilijkheidsgraad[/b:53e7ecd818]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:53e7ecd818]Downloadlokatie[/b:53e7ecd818]: Dit programma absoluut naar het bureaublad downloaden! [b:53e7ecd818]Download ComboFix via één van deze locaties[/b:53e7ecd818]: [list:53e7ecd818][*:53e7ecd818][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:53e7ecd818]Bleepingcomputer[/b:53e7ecd818][/url] [*:53e7ecd818][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:53e7ecd818]ForoSpyware[/b:53e7ecd818][/url] [*:53e7ecd818][url=http://subs.geekstogo.com/ComboFix.exe][b:53e7ecd818]Geekstogo[/b:53e7ecd818][/url][/list:u:53e7ecd818] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:53e7ecd818]Hier[/b:53e7ecd818][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:53e7ecd818]Hier[/b:53e7ecd818][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:53e7ecd818]hier[/b:53e7ecd818][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:53e7ecd818]Voor alle duidelijkheid nogmaals[/b:53e7ecd818]: ComboFix dient vanaf het bureaublad gestart te worden. [b:53e7ecd818]Opmerkingen[/b:53e7ecd818]: [list:53e7ecd818][*:53e7ecd818] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:53e7ecd818]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:53e7ecd818]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:53e7ecd818] [b:53e7ecd818]ComboFix is opgestart[/b:53e7ecd818]: [list:53e7ecd818][*:53e7ecd818]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:53e7ecd818]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:53e7ecd818]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:53e7ecd818]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:53e7ecd818]Post de inhoud van dit logbestand in je volgende bericht. [*:53e7ecd818]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:53e7ecd818] [b:53e7ecd818]Belangrijke opmerking[/b:53e7ecd818]: [list:53e7ecd818][*:53e7ecd818][b:53e7ecd818][color=Red:53e7ecd818]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:53e7ecd818][/b:53e7ecd818] [*:53e7ecd818][b:53e7ecd818][color=blue:53e7ecd818]Illegal operation attempted on a registery key that has been marked for deletion.[/color:53e7ecd818][/b:53e7ecd818] [*:53e7ecd818][b:53e7ecd818][color=Red:53e7ecd818]Start dan de computer opnieuw op.[/color:53e7ecd818][/b:53e7ecd818][/list:u:53e7ecd818] 2) Script! Open een nieuw kladblok bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:53e7ecd818]Kladblok[/b:53e7ecd818]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster. sla vervolgens het kladblokbestand op jouw bureaublad op als [b:53e7ecd818]CFScript_AVG2011.txt[/b:53e7ecd818] [b:53e7ecd818][color=Blue:53e7ecd818]REGISTRY:: [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert] [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished] [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound] [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted] [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd] [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail] [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart] [-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray] [-HKEY_CURRENT_USER\Software\Avg] [-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension] [-HKEY_CLASSES_ROOT\.avgdx] [-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}] [-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] [-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}] [-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}] [-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ] [-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}] [-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}] [-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}] [-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}] [-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}] [-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension] [-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE] [-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF] [-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98] [-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE] [-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF] [-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98] [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE] [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10] [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011] [-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter] [-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1] [-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner] [-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension] [-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner] [-HKEY_LOCAL_MACHINE\SOFTWARE\AVG] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG] DRIVER:: Avg AVGIDSAgent AVGIDSDriver AVGIDSEH AVGIDSFilter AVGIDSShim Avgldx86 Avgmfx86 Avgrkx86 Avgtdix avgwd FOLDER:: %SYSTEMDRIVE%\$AVG %COMMONAPPDATA%\AVG10 %COMMONAPPDATA%\MFAData %COMMONPROGRAMS%\AVG 2011 %APPDATA%\AVG10 %PROGRAMFILES%\AVG %SYSTEM%\drivers\AVG File:: %COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat %COMMONDESKTOP%\AVG 2011.lnk %SYSTEM%\drivers\AVGIDSDriver.sys %SYSTEM%\drivers\AVGIDSEH.sys %SYSTEM%\drivers\AVGIDSFilter.sys %SYSTEM%\drivers\AVGIDSShim.sys %SYSTEM%\drivers\avgldx86.sys %SYSTEM%\drivers\avgmfx86.sys %SYSTEM%\drivers\avgrkx86.sys %SYSTEM%\drivers\avgtdix.sys[/b:53e7ecd818][/color:53e7ecd818] Sla dit kladblokbestand op je bureaublad op als [b:53e7ecd818]CFScript_AVG2011.txt[/b:53e7ecd818]. Start de computer in veilige modus: http://www.nationaalcomputerforum.nl/showthread.php?t=27396 Sleep [b:53e7ecd818]CFScript_AVG2011.txt[/b:53e7ecd818] in [b:53e7ecd818]ComboFix.exe[/b:53e7ecd818] zoals getoond in onderstaand voorbeeld : [img:53e7ecd818]http://img517.imageshack.us/img517/8662/cfscript10uc2.gif[/img:53e7ecd818] Dit zal [b:53e7ecd818]ComboFix[/b:53e7ecd818] doen herstarten. [b:53e7ecd818]Start opnieuw op als daarom gevraagd wordt.[/b:53e7ecd818] Post het Combofix log dat na het opnieuw starten wordt getoond!

[anoniem]

Heel fijn dat je me wilt helpen. Ik zit te popelen om te beginnen, maar ik begrijp iets niet: Ik kan nu alleen maar werken in veilige modus, en volgens mij zijn er dan geen anti virus en spyware programma's geaktiveerd. Ik zie tenminste geen icoontjes in de taakbalk. Klopt dat? Verder zeg je dat ik Combifix moet downloaden en "verder niks doen". Begrijp ik het goed dat ik Combifix dus niet moet opstarten, alleen dat script in een kladblokbestand bestand moet plakken en vervolgens naar Combofix moet slepen? Dat "verder niks doen" brengt mij in verwarring, daarom vraag ik het maar even voor de zekerheid; ben bang iets verkeerd te doen, ben nog maar een leek... [/u]

[anoniem]

Hoi, ja - je begrijpt het goed - in jouw geval moet dat script over ComboFix heen gesleepd worden. Want eerst moet AVG volledig verwijderd zijn, wil ComboFix normaal kunnen opstarten!

[anoniem]

Hopelijk ben je er nog. Ik krijg een waarschuwing van Combifix, dat Avast actief is, maar ik zie helemaal geen pictogram of iets van Avast. Wat nu??

[anoniem]

Negeer de waarschuwing maar en laat ComboFix scannen!

[anoniem]

Dit is het Combofix log: ComboFix 11-05-02.03 - Annelie 02-05-2011 21:51:58.1.2 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.2393 [GMT 2:00] Gestart vanuit: c:\users\Annelie\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Annelie\Desktop\CFScript_AVG2011.txt AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . FILE :: "c:\programdata\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat" "c:\users\Public\Desktop\AVG 2011.lnk" "c:\windows\system32\drivers\AVGIDSDriver.sys" "c:\windows\system32\drivers\AVGIDSEH.sys" "c:\windows\system32\drivers\AVGIDSFilter.sys" "c:\windows\system32\drivers\AVGIDSShim.sys" "c:\windows\system32\drivers\avgldx86.sys" "c:\windows\system32\drivers\avgmfx86.sys" "c:\windows\system32\drivers\avgrkx86.sys" "c:\windows\system32\drivers\avgtdix.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\$AVG c:\$avg\$CHJW\04951666-ac29-4f58-a228-98b2d31590c9 c:\$avg\$CHJW\067744b0-67fd-4804-97ac-b1c97d1ef087 c:\$avg\$CHJW\0f4141ac-9705-4edc-b757-1088aa5317c2 c:\$avg\$CHJW\21bc3615-053d-45ae-822d-29e70a3dbe1a c:\$avg\$CHJW\231ddebd-2881-481c-a968-ed45f3763a32 c:\$avg\$CHJW\4fd83ff7-37b3-49a4-9a82-1e43193a9b19 c:\$avg\$CHJW\57bf817e-2fd3-4ff0-a357-41220f4b8344 c:\$avg\$CHJW\7ea099be-8f0b-4c6d-bd96-5ffab87f19ae c:\$avg\$CHJW\8c3adf8e-9966-46a2-a71a-6af2e4a11f35 c:\$avg\$CHJW\9a35aa6a-fc41-4f22-874c-8dcd33fd5fef c:\$avg\$CHJW\9d97b374-62b4-4bbf-b8d3-a0535b8ffbcf c:\$avg\$CHJW\avgcchff.dat c:\$avg\$CHJW\avgcchfi.dat c:\$avg\$CHJW\avgcchmf.dat c:\$avg\$CHJW\avgcchmi.dat c:\$avg\$CHJW\b417e3d0-879a-4bcd-971c-140322af3d26 c:\$avg\$CHJW\d3852d67-d13c-4414-8b93-a794fe1ddeb1 c:\$avg\$CHJW\d546e75a-6bad-498e-959c-e6dde9a2cd7b c:\$avg\$CHJW\e097f445-47ce-43b9-896f-eb63658b4489 c:\$avg\$CHJW\e5a634c6-5025-4b64-9d09-6d76ad434794 c:\$avg\$CHJW\ec8d2fe8-54fc-4e4b-8bf3-f336133b7acb c:\$avg\$CHJW\ecfddcf4-be9c-40ca-be5b-ca9df3f499a1 c:\$avg\$VAULT\V_00000237.fil c:\$avg\$VAULT\V_00000238.fil c:\$avg\$VAULT\V_00000239.fil c:\$avg\$VAULT\V_00000240.fil c:\$avg\$VAULT\V_00000241.fil c:\$avg\$VAULT\V_00000242.fil c:\$avg\$VAULT\V_00000243.fil c:\$avg\$VAULT\vvfolder.idx c:\program files\AVG c:\program files\AVG\AVG10\avgcertx.dll c:\program files\AVG\AVG10\avgcfgx.dll c:\program files\AVG\AVG10\avgchclx.dll c:\program files\AVG\AVG10\avgchjwx.dll c:\program files\AVG\AVG10\avgchsvx.exe c:\program files\AVG\AVG10\avgclitx.dll c:\program files\AVG\AVG10\avgcorex.dll c:\program files\AVG\AVG10\avglogx.dll c:\program files\AVG\AVG10\avgmfapx.exe c:\program files\AVG\AVG10\avgrsx.exe c:\program files\AVG\AVG10\avgse.dll c:\program files\AVG\AVG10\HtmLayout.dll c:\programdata\AVG10 c:\programdata\AVG10\Cfg\admin.cfg c:\programdata\AVG10\Cfg\changecfgreg.cfg c:\programdata\AVG10\Cfg\csl.cfg c:\programdata\AVG10\Cfg\emssrv.cfg c:\programdata\AVG10\Cfg\erd.cfg c:\programdata\AVG10\Cfg\except.cfg c:\programdata\AVG10\Cfg\idp.cfg c:\programdata\AVG10\Cfg\krnl.cfg c:\programdata\AVG10\Cfg\mail.cfg c:\programdata\AVG10\Cfg\mailsrv.cfg c:\programdata\AVG10\Cfg\mailsrvvsapi.cfg c:\programdata\AVG10\Cfg\malrep.cfg c:\programdata\AVG10\Cfg\scan.cfg c:\programdata\AVG10\Cfg\sched.cfg c:\programdata\AVG10\Cfg\setup.cfg c:\programdata\AVG10\Cfg\spsrv.cfg c:\programdata\AVG10\Cfg\update.cfg c:\programdata\AVG10\Cfg\updatecomps.cfg c:\programdata\AVG10\Cfg\user.cfg c:\programdata\AVG10\cfgall\falsealarm.cfg c:\programdata\AVG10\cfgall\krnlall.cfg c:\programdata\AVG10\cfgall\pctuneupall.cfg c:\programdata\AVG10\cfgall\srmall.cfg c:\programdata\AVG10\cfgall\updateall.cfg c:\programdata\AVG10\cfgall\userall.cfg c:\programdata\AVG10\Chjw\480e17a10e1786da.dat c:\programdata\AVG10\Chjw\480e17a10e1786da\avgcchff.dat c:\programdata\AVG10\Chjw\480e17a10e1786da\avgcchmf.dat c:\programdata\AVG10\Chjw\6e701558701527fb.dat c:\programdata\AVG10\Chjw\6e701558701527fb\avgcchff.dat c:\programdata\AVG10\Chjw\6e701558701527fb\avgcchmf.dat c:\programdata\AVG10\Chjw\823013053012ffb9.dat c:\programdata\AVG10\Dumps\iexplore.exe_129478566539724866.exh c:\programdata\AVG10\Dumps\iexplore.exe_129478566539724866_F.dmp c:\programdata\AVG10\Dumps\iexplore.exe_129478566539724866_M.dmp c:\programdata\AVG10\IDS(85)\log\AVGIDSAgent_boot.log c:\programdata\AVG10\IDS\config\ClientConfig.cfg c:\programdata\AVG10\IDS\log\AVGIDSAgent_boot.log c:\programdata\AVG10\IDS\profile\globalLoadable.gdb c:\programdata\AVG10\log\arklog.cfg c:\programdata\AVG10\log\avgcfg.log c:\programdata\AVG10\log\avgcfg.log.lock c:\programdata\AVG10\log\avgcfgex.log c:\programdata\AVG10\log\avgcfgex.log.lock c:\programdata\AVG10\log\avgchjw.log c:\programdata\AVG10\log\avgchjw.log.lock c:\programdata\AVG10\log\avgchjwsrv.log c:\programdata\AVG10\log\avgchjwsrv.log.lock c:\programdata\AVG10\log\avgldr.log c:\programdata\AVG10\log\avgldr.log.lock c:\programdata\AVG10\log\avglng.log c:\programdata\AVG10\log\avglng.log.lock c:\programdata\AVG10\log\avgmail.cfg c:\programdata\AVG10\log\avgrs.log c:\programdata\AVG10\log\avgrs.log.1 c:\programdata\AVG10\log\avgrs.log.2 c:\programdata\AVG10\log\avgrs.log.lock c:\programdata\AVG10\log\avgtbapi.cfg c:\programdata\AVG10\log\avgtdi.log c:\programdata\AVG10\log\avgtdi.log.lock c:\programdata\AVG10\log\avgui.log c:\programdata\AVG10\log\avgui.log.lock c:\programdata\AVG10\log\avguilog.cfg c:\programdata\AVG10\log\avgwd.log c:\programdata\AVG10\log\avgwd.log.lock c:\programdata\AVG10\log\avgwdsvc.log c:\programdata\AVG10\log\avgwdsvc.log.lock c:\programdata\AVG10\log\cfgexlog.cfg c:\programdata\AVG10\log\cfglog.cfg c:\programdata\AVG10\log\chjwlog.cfg c:\programdata\AVG10\log\commonpriv.log c:\programdata\AVG10\log\commonpriv.log.lock c:\programdata\AVG10\log\commonpub.log c:\programdata\AVG10\log\commonpub.log.lock c:\programdata\AVG10\log\corelog.cfg c:\programdata\AVG10\log\csllog.cfg c:\programdata\AVG10\log\emclog.cfg c:\programdata\AVG10\log\fixcfg.log c:\programdata\AVG10\log\fixcfg.log.lock c:\programdata\AVG10\log\ldrlog.cfg c:\programdata\AVG10\log\lnglog.cfg c:\programdata\AVG10\log\lscanlog.cfg c:\programdata\AVG10\log\nslog.cfg c:\programdata\AVG10\log\privlog.cfg c:\programdata\AVG10\log\publog.cfg c:\programdata\AVG10\log\rslog.cfg c:\programdata\AVG10\log\scanlog.cfg c:\programdata\AVG10\log\schedlog.cfg c:\programdata\AVG10\log\srmlog.cfg c:\programdata\AVG10\log\tdilog.cfg c:\programdata\AVG10\log\updlog.cfg c:\programdata\AVG10\log\vaultlog.cfg c:\programdata\AVG10\log\wdlog.cfg c:\programdata\AVG10\log\wdsvclog.cfg c:\programdata\AVG10\SetupBackup\Avgx86.msi c:\programdata\AVG10\SetupBackup\corex86.msi c:\programdata\AVG10\Temp\file9514.tmp c:\programdata\AVG10\update\download\fixcorex3.exe c:\programdata\MFAData c:\programdata\MFAData\logs\mfa-20101112-074712.log c:\programdata\MFAData\logs\mfa-20101112-075533.log c:\programdata\MFAData\logs\mfa-20110413-162221.log c:\programdata\MFAData\logs\mfa-20110428-194956.log c:\programdata\MFAData\logs\mfa-20110429-152333.log c:\programdata\MFAData\logs\mfa-20110429-153132.log c:\programdata\MFAData\logs\mfa-20110429-153151.log c:\programdata\MFAData\logs\mfa-20110429-153251.log c:\programdata\MFAData\logs\mfa-20110429-153550.log c:\programdata\MFAData\logs\mfa-20110429-155731.log c:\programdata\MFAData\logs\mfa-20110429-155810.log c:\programdata\MFAData\logs\mfa-20110429-160757.log c:\programdata\MFAData\logs\msi-20101112-074712.log c:\programdata\MFAData\logs\msi-20110413-162221.log c:\programdata\MFAData\logs\msi-20110428-194956.log c:\programdata\MFAData\logs\msi-20110429-152333.log c:\programdata\MFAData\logs\msi-20110429-155731.log c:\programdata\MFAData\mfaurlconf.ini c:\programdata\MFAData\public_installation_log.xml c:\programdata\MFAData\setup_tp.cab c:\programdata\Microsoft\Windows\Start Menu\Programs\AVG 2011 c:\programdata\Microsoft\Windows\Start Menu\Programs\AVG 2011\Installatie van AVG.lnk ongedaan maken.lnk c:\puzzelhulp\Puzzelhulp.exe c:\users\Annelie\AppData\Roaming\.# c:\users\Annelie\AppData\Roaming\AVG10 c:\users\Annelie\AppData\Roaming\AVG10\cfgall\usergui.cfg c:\users\Annelie\AppData\Roaming\log.txt c:\windows\system32\drivers\AVG c:\windows\system32\drivers\AVG\iavichjg.avm c:\windows\system32\drivers\AVG\iavichjw.avm c:\windows\system32\drivers\AVG\incavi.avm c:\windows\system32\drivers\AVGIDSDriver.sys c:\windows\system32\drivers\AVGIDSEH.sys c:\windows\system32\drivers\AVGIDSFilter.sys c:\windows\system32\drivers\AVGIDSShim.sys c:\windows\system32\drivers\avgldx86.sys c:\windows\system32\drivers\avgmfx86.sys c:\windows\system32\drivers\avgrkx86.sys c:\windows\system32\drivers\avgtdix.sys c:\windows\XSxS . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_AVGIDSDRIVER -------\Legacy_AVGIDSEH -------\Legacy_AVGIDSFILTER -------\Legacy_AVGIDSSHIM -------\Legacy_AVGLDX86 -------\Legacy_AVGMFX86 -------\Legacy_AVGRKX86 -------\Legacy_AVGTDIX -------\Service_Avg -------\Service_AVGIDSAgent -------\Service_AVGIDSDriver -------\Service_AVGIDSEH -------\Service_AVGIDSFilter -------\Service_AVGIDSShim -------\Service_Avgldx86 -------\Service_Avgmfx86 -------\Service_Avgrkx86 -------\Service_Avgtdix -------\Service_avgwd . . (((((((((((((((((((( Bestanden Gemaakt van 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))) . . 2011-05-02 19:59 . 2011-05-02 20:06 -------- d-----w- c:\users\Annelie\AppData\Local\temp 2011-05-02 19:59 . 2011-05-02 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-29 17:36 . 2011-04-29 10:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-04-29 17:06 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-29 17:06 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-29 16:02 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-04-29 16:02 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-04-29 16:02 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-04-29 16:02 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-04-29 16:02 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-04-29 16:02 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-04-29 16:01 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr 2011-04-29 16:01 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-04-29 15:37 . 2009-11-04 20:43 4915024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD3A99D1-48BB-401B-835B-7B25654BB522}\mpengine.dll 2011-04-29 15:35 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-29 15:35 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-29 15:35 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-29 07:47 . 2011-04-29 07:47 -------- d-----w- c:\program files\Panda Security 2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\programdata\AVAST Software 2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\program files\AVAST Software 2011-04-28 19:15 . 2011-04-28 19:15 -------- d-----w- c:\users\Annelie\AppData\Local\Sunbelt Software 2011-04-28 19:14 . 2011-04-28 19:14 -------- dc-h--w- c:\programdata\{91EC863D-D912-4466-91CC-9489A4A2ADD3} 2011-04-28 19:13 . 2011-04-28 19:15 -------- d-----w- c:\programdata\Lavasoft 2011-04-28 19:13 . 2011-04-28 19:13 -------- d-----w- c:\program files\Lavasoft 2011-04-28 12:11 . 2011-05-02 20:01 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2011-04-28 11:15 . 2011-04-28 11:15 -------- d-----w- c:\users\Annelie\AppData\Roaming\Malwarebytes 2011-04-28 11:14 . 2011-04-28 11:14 -------- d-----w- c:\programdata\Malwarebytes 2011-04-28 11:14 . 2011-04-30 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-27 20:21 . 2011-04-27 20:21 -------- d-----w- c:\users\Annelie\AppData\Roaming\Skype 2011-04-27 18:59 . 2011-04-27 18:59 -------- d-----w- c:\program files\Loaris 2011-04-27 18:16 . 2011-04-27 18:58 -------- d-----w- c:\program files\Loaris Trojan Remover 2011-04-26 10:23 . 2011-04-26 10:23 -------- d-----w- c:\users\Annelie\AppData\Local\{9E100F3C-EA2F-47A4-B425-21C819210AC5} 2011-04-24 19:11 . 2011-04-24 19:12 -------- d-----w- c:\users\Annelie\AppData\Local\{395F0E53-EA0F-43D1-BFD8-3073D5DEEA73} 2011-04-23 10:55 . 2011-04-23 10:55 -------- d-----w- c:\users\Annelie\AppData\Roaming\Ph03nixNewMedia 2011-04-23 10:30 . 2011-04-23 10:31 -------- d-----w- c:\users\Annelie\AppData\Local\{068C08DC-6D76-4637-979A-D7D0CAD19CE8} 2011-04-22 19:45 . 2011-04-22 19:45 -------- d-----w- c:\program files\Shangri La 2 Deluxe 2011-04-22 18:22 . 2011-04-22 18:22 -------- d-----w- c:\users\Annelie\AppData\Local\{16FFFFCA-AFFA-4391-8781-82ABF2CA3816} 2011-04-21 18:28 . 2011-04-21 18:33 -------- d-----w- c:\program files\Farmscapes Collectors Edition 2011-04-21 11:13 . 2011-04-21 11:13 -------- d-----w- c:\users\Annelie\AppData\Local\{9B64721A-ADD4-4208-8056-4954A31112B6} 2011-04-20 10:58 . 2011-04-20 10:58 -------- d-----w- c:\users\Annelie\AppData\Local\ElevatedDiagnostics 2011-04-20 10:56 . 2011-04-20 10:56 -------- d-----w- c:\program files\Microsoft ATS 2011-04-20 10:47 . 2011-04-20 10:47 -------- d-----w- c:\users\Annelie\AppData\Local\{BAFE4342-D6FA-4D73-8A27-61B441186B8E} 2011-04-19 13:03 . 2011-04-19 13:03 -------- d-----w- c:\users\Annelie\AppData\Local\{E0955E8B-3E15-4A18-9D01-EBF192D7A901} 2011-04-18 08:38 . 2011-04-18 08:38 -------- d-----w- c:\users\Annelie\AppData\Local\{C03CDA2F-C074-4E97-B1F5-72A2D702314B} 2011-04-17 15:13 . 2011-04-17 15:15 -------- d-----w- c:\program files\Campfire Legends - The Babysitter 2011-04-17 12:56 . 2011-04-29 16:11 -------- d-----w- c:\program files\Elizabeth Find M.D. - Diagnosis Mystery Deluxe 2011-04-17 10:55 . 2011-04-17 10:55 -------- d-----w- c:\users\Annelie\AppData\Local\{DDFDE472-6525-4B01-A6C1-6EC67D4F28A3} 2011-04-16 10:37 . 2011-04-16 10:37 -------- d-----w- c:\users\Annelie\AppData\Local\{1ACCFDEB-DB71-4C89-A9D4-8F6BA85BA551} 2011-04-14 18:02 . 2011-04-14 18:02 -------- d-----w- c:\users\Annelie\{b2edab7a-3cfa-40b2-9c18-53b00b56e1da} 2011-04-14 10:56 . 2011-04-14 10:56 -------- d-----w- c:\users\Annelie\AppData\Local\{F2FB913C-883A-4074-A119-1CF089BEE591} 2011-04-12 14:43 . 2011-04-12 14:43 -------- d-----w- c:\users\Annelie\AppData\Local\{6BE0F641-9E5D-4504-A4E7-C34F53CB82EC} 2011-04-11 18:19 . 2011-04-11 18:20 -------- d-----w- c:\program files\Little Shop - World Traveler Deluxe 2011-04-10 19:49 . 2011-04-10 19:49 -------- d-----w- c:\users\Annelie\AppData\Roaming\NevoSoft 2011-04-08 07:34 . 2011-04-08 07:35 -------- d-----w- c:\users\Annelie\AppData\Roaming\thejoyoffarming 2011-04-05 17:50 . 2011-04-05 17:50 -------- d-----w- c:\users\Annelie\AppData\Local\{A96C30B7-75C4-4B90-8139-FCCEFF976A89} 2011-04-04 19:38 . 2011-04-05 17:45 -------- d-----w- c:\program files\Fiction Fixers - De Vloek van Oz 2011-04-04 18:12 . 2011-04-08 18:01 -------- d-----w- c:\users\Annelie\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets 2011-04-04 18:10 . 2011-04-08 18:02 -------- d-----w- c:\program files\A Gypsy's Tale - The Tower of Secrets Deluxe 2011-04-03 11:59 . 2011-04-03 11:59 -------- d-----w- c:\users\Annelie\AppData\Local\{84FB63FE-2C6F-4D1E-97EF-BEF282DFFEAE} . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-18 07:15 . 2011-05-02 20:10 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98F519BA-5EFD-4B41-807F-CB08F51597D3}\mpengine.dll 2011-03-09 11:37 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-03-07 15:16 . 2010-01-19 13:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-03-07 15:16 . 2010-01-19 13:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-03-03 15:40 . 2011-04-29 15:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-29 15:35 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-29 15:35 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 2011-04-29 15:35 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:13 . 2011-03-23 12:25 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-23 12:25 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-23 12:25 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-02-11 17:26 . 2011-02-11 17:26 8198680 ----a-w- c:\windows\system32\TVWSetup.exe 2011-02-11 17:26 . 2009-07-17 14:48 137752 ----a-w- c:\windows\system32\igfxtray.exe 2011-02-11 17:26 . 2009-07-17 14:48 267800 ----a-w- c:\windows\system32\igfxsrvc.exe 2011-02-11 17:26 . 2009-07-17 14:48 172568 ----a-w- c:\windows\system32\igfxpers.exe 2011-02-11 17:26 . 2009-07-17 14:48 179224 ----a-w- c:\windows\system32\igfxext.exe 2011-02-11 17:26 . 2009-07-17 14:48 171032 ----a-w- c:\windows\system32\hkcmd.exe 2011-02-11 17:26 . 2011-02-11 17:26 3157528 ----a-w- c:\windows\system32\GfxUI.exe 2011-02-11 17:20 . 2011-02-11 17:20 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll 2011-02-11 17:12 . 2011-02-11 17:12 9036800 ----a-w- c:\windows\system32\drivers\igdkmd32.sys 2011-02-11 17:12 . 2008-08-19 11:04 4967424 ----a-w- c:\windows\system32\igdumd32.dll 2011-02-11 17:09 . 2008-08-19 11:04 571904 ----a-w- c:\windows\system32\igdumdx32.dll 2011-02-11 17:04 . 2011-02-11 17:04 4411392 ----a-w- c:\windows\system32\igd10umd32.dll 2011-02-11 16:51 . 2011-02-11 16:51 11039744 ----a-w- c:\windows\system32\ig4icd32.dll 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrsky.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrslv.lrc 2011-02-11 16:44 . 2011-02-11 16:44 84992 ----a-w- c:\windows\system32\igfxrtha.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxresn.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrrus.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrptg.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrsve.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrplk.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrptb.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrnor.lrc 2011-02-11 16:44 . 2011-02-11 16:44 82944 ----a-w- c:\windows\system32\igfxrkor.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxrell.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrita.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrhun.lrc 2011-02-11 16:44 . 2011-02-11 16:44 84480 ----a-w- c:\windows\system32\igfxrheb.lrc 2011-02-11 16:44 . 2011-02-11 16:44 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxrfra.lrc 2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrfin.lrc 2011-02-11 16:44 . 2011-02-11 16:44 84992 ----a-w- c:\windows\system32\igfxrdan.lrc 2011-02-11 16:44 . 2009-07-17 14:48 86016 ----a-w- c:\windows\system32\igfxrnld.lrc 2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc 2011-02-11 16:44 . 2011-02-11 16:44 84480 ----a-w- c:\windows\system32\igfxrara.lrc 2011-02-11 16:44 . 2011-02-11 16:44 81920 ----a-w- c:\windows\system32\igfxrcht.lrc 2011-02-11 16:44 . 2011-02-11 16:44 81920 ----a-w- c:\windows\system32\igfxrchs.lrc 2011-02-11 16:41 . 2011-02-11 16:41 195584 ----a-w- c:\windows\system32\igfxpph.dll 2011-02-11 16:41 . 2011-02-11 16:41 115200 ----a-w- c:\windows\system32\igfxcpl.cpl 2011-02-11 16:41 . 2008-08-19 11:04 261632 ----a-w- c:\windows\system32\igfxTMM.dll 2011-02-11 16:41 . 2008-08-19 11:04 23552 ----a-w- c:\windows\system32\igfxexps.dll 2011-02-11 16:41 . 2008-08-19 11:04 57856 ----a-w- c:\windows\system32\igfxsrvc.dll 2011-02-11 16:40 . 2011-02-11 16:40 130048 ----a-w- c:\windows\system32\igfxdo.dll 2011-02-11 16:40 . 2008-08-19 11:04 95232 ----a-w- c:\windows\system32\hccutils.dll 2011-02-11 16:40 . 2011-02-11 16:40 120320 ----a-w- c:\windows\system32\gfxSrvc.dll 2011-02-11 16:40 . 2011-02-11 16:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2011-02-11 16:40 . 2011-02-11 16:40 85504 ----a-w- c:\windows\system32\igfxrenu.lrc 2011-02-11 16:40 . 2008-08-19 11:04 828928 ----a-w- c:\windows\system32\igfxress.dll 2011-02-11 16:40 . 2008-08-19 11:04 228864 ----a-w- c:\windows\system32\igfxdev.dll 2011-02-11 16:35 . 2011-02-11 16:35 208896 ----a-w- c:\windows\system32\iglhsip32.dll 2011-02-11 16:35 . 2011-02-11 16:35 147456 ----a-w- c:\windows\system32\iglhcp32.dll 2011-02-02 20:40 . 2010-06-05 13:13 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 16:11 . 2009-12-24 06:39 222080 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-22 2423752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952] "WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992] "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992] "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-07-21 1045904] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.83u1.lnk] path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.83u1.lnk backup=c:\windows\pss\FreeRapid 0.83u1.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-07-02 13:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite] 2010-08-30 07:45 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-08-24 09:38 247144 ----a-w- c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9f67b409fb1c7;Google Update Service (gupdate1c9f67b409fb1c7);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104] R3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x] R3 CFcatchme;CFcatchme;c:\users\Annelie\AppData\Local\Temp\CFcatchme.sys [x] R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [x] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-02 30192] R3 KMWDFILTERx86;MLK KM DRIVER;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2008-03-22 17024] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 BOHCI;BOHCI; [x] R4 BUHCI;BUHCI; [x] R4 BUSBD;BUSBD; [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-30 721904] S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 41928] S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656] S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-03-29 2860800] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960] S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-03-28 208896] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2011-02-02 1176712] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-07-21 116104] S2 TomTomHOMEService;TomTomHOMEService;c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976] S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 RTL8187B;Realtek RTL8187B draadloos 802.11b/g 54Mbps USB 2.0 netwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29] . 2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29] . 2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000Core.job - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15] . 2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000UA.job - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15] . . ------- Bijkomende Scan ------- . mStart Page = hxxp://alawar.co.nl mSearch Bar = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm Trusted Zone: microsoft.com\www . - - - - ORPHANS VERWIJDERD - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file) BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file) BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file) Toolbar-10 - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe SafeBoot-Lavasoft Ad-Aware Service SafeBoot-mcmscsvc SafeBoot-MCODS MSConfigStartUp-NDSTray - NDSTray.exe AddRemove-FULL-DISKfighter - c:\program files\Fighters\FULL-DISKfighter\Uninstall.exe AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-02 22:05 Windows 6.0.6002 Service Pack 2 NTFS . detected NTDLL code modification: ZwOpenFile . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????6~^????P?V?x?V???V???V?? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(1184) c:\windows\system32\WindowsCodecs.dll c:\windows\system32\es.dll c:\windows\system32\audioeng.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Voltooingstijd: 2011-05-02 22:17:31 - machine werd herstart ComboFix-quarantined-files.txt 2011-05-02 20:17 . Pre-Run: 31.229.173.760 bytes beschikbaar Post-Run: 30.592.929.792 bytes beschikbaar . - - End Of File - - 112DE8A280B1DB8C33926CA6E16D579D

[anoniem]

Hoi Eline, laat even weten hoe Windows na de ComboFixscan is opstart. Bovendien wil ik ook weten of Emisofts Antimalware gekocht is of als shareware wordt gebruikt. In principe heb je namelijk een overkill aan malwareprogramna's en antivirussoftware in jouw Windows!

[anoniem]

Windows start prima op. Alles lijkt weer "normaal".Mijn dank hiervoor. Emisoft Antimalware heb ik niet gekocht; gebruik het als shareware. Dat ik een overkill aan malwareprogramma's heb kan wel kloppen. Heb van alles gedownload onder het mom van: wat de één niet verwijderd, verwijderd de andere wel. Zou er best wel wat kunnen missen hoor....... Even iets heel anders, we zijn nu toch bezig: (als je geen oplossing weet, laat dan maar) Al sinds maanden heb ik, als ik de laptop uit stand-by opstart, een "remind"-melding: cmdpst.dll can't be initialize. Als het eenvoudig opgelost kan worden dan doe ik dat, maar het stoort me verder niet, 1 keer op ok klikken en het is weer weg. Ik hoor nog wel van je!

[anoniem]

Hoi Eline, via googelen gevonden; het betekent dat je de [b:de3b5318ae]Acoustic Silencer[/b:de3b5318ae], di de draaisnelheid van de DVD/RW naar beneden zet, opnieuw dient te installeren! http://eu.computers.toshiba-europe.com/innovation/download_drivers_bios.jsp En ik wil graag het volgende van je hebben: [b:de3b5318ae]Welk programma[/b:de3b5318ae]: Trend Micro [b:de3b5318ae]Hijack This Versie 2.0.4[/b:de3b5318ae] [b:de3b5318ae]Waarvoor/waarom[/b:de3b5318ae]: maakt een duidelijk overzicht van Windows door middel van een scan. [b:de3b5318ae]Moeilijkheidsgraad[/b:de3b5318ae]: geen, enkel Vista- en Win 7 gebruikers dienen even extra aandacht te geven. [b:de3b5318ae]Download[/b:de3b5318ae] de [url=http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi][b:de3b5318ae]HijackThis Installer[/b:de3b5318ae][/url] [b:de3b5318ae]Installatie[/b:de3b5318ae]: [list:de3b5318ae][*:de3b5318ae]Installeer HijackThis op de aangegeven lokatie - daarmee wordt voorkomen dat eventuele back-ups niet terugvindbaar zijn![/list:u:de3b5318ae] Gebruikers van [b:de3b5318ae]Windows Vista[/b:de3b5318ae] en [b:de3b5318ae]Windows 7[/b:de3b5318ae] gaan daarna naar de installatielokatie van HijackThis. [list:de3b5318ae][*:de3b5318ae]Vervolgens met rechts hijackthis.exe aanklikken en dan Eigenschappen kiezen. [*:de3b5318ae]Klik nu op de tab Comptabiliteit en zet dan een vinkje bij Als Administrator uitvoeren. [*:de3b5318ae]Als laatste wordt dan nog op [b:de3b5318ae]Toepassen[/b:de3b5318ae] en [b:de3b5318ae]OK[/b:de3b5318ae] geklikt[/list:u:de3b5318ae] [b:de3b5318ae]Hijack This gebruiken[/b:de3b5318ae]: [list:de3b5318ae][*:de3b5318ae]Sluit eerst alle openstaande programma's en de webbrowsers. [*:de3b5318ae]Start nu 'Hijack This' en klik vervolgens op de knop 'Do a system scan and save a logfile' [*:de3b5318ae]Sluit nu alle openstaande vensters en start vervolgens 'HijackThis' en kies voor 'Do a system scan and save a logfile'. [*:de3b5318ae]Kopieer en plak inhoud van het Hijack This-logfile in je aansluitende bericht. [*:de3b5318ae]Hierna mag je Hijack This weer sluiten[/list:u:de3b5318ae]

[anoniem]

Krijg tijdens installeren van HijackThis de volgende vraag: An installation for Ad-Aware is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Yes or no?? Ik heb er wel een puinhoop van gemaakt geloof ik... Dat Acoustic geval installeer ik later wel, eerst het echte probleem maar oplossen.

[anoniem]

[quote:88113726c8="eline"]Krijg tijdens installeren van HijackThis de volgende vraag: An installation for Ad-Aware is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Yes or no?? Ik heb er wel een puinhoop van gemaakt geloof ik... Dat Acoustic geval installeer ik later wel, eerst het echte probleem maar oplossen.[/quote:88113726c8] :roll: Heb maar "yes" geantwoord, hopende dat dit de goede keus is.

[anoniem]

Het duurde even.. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:26:49, on 3-5-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19048) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Mouse Driver\StartAutorun.exe C:\Program Files\Toshiba TEMPRO\TemproTray.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\igfxtray.exe C:\Program Files\Mouse Driver\KMConfig.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe C:\Windows\System32\igfxpers.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mouse Driver\KMProcess.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\System32\mobsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Free YouTube Download - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file) O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (no file) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Common Toolkit Tools - Unknown owner - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (file missing) O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11837 bytes

[anoniem]

Hallo Eline, indien je in "Configuratiescherm\Programma's en onderdelen" Lavasoft AdAware hebt staan - verwijder dan dit programma! Door op "JA\Yes" te klikken heb je juist gehandeld! Daarna mag je het volgende doen: sluit alle openstaande webvensters - behalve dit venster, dat je sluit voor het moment, dat je op de knop [b:d701513ef7]Fix checked[/b:d701513ef7] klikt! Start nu HijackThis middels rechtsklik met Administratorrechten en klik op de knop [b:d701513ef7]Do a Scan only, R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file) O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (no file) O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)[/b:d701513ef7] [list:d701513ef7][*:d701513ef7] zet een vinkje voor die regel(s) welke met de bovenstaande regels corresponderen [*:d701513ef7] Sluit nu de webbrowser en vervolgens klik je daarna op de knop [b:d701513ef7]Fix checked[/b:d701513ef7] [*:d701513ef7] Klik hierna HijackThis op uit.[/list:u:d701513ef7] Noot: de toolbar van Ashampoo is gerelateerd aan Conduit. Dat is trackingware, bedoeld om je in een later stadium gerichte reclame te doen toekomen! Na bovenstaande gedaan te hebben, doe je het volgende: [b:d701513ef7]Welk programma[/b:d701513ef7]: Malwarebytes MBAM [b:d701513ef7]Waarvoor/waarom[/b:d701513ef7]: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware. [b:d701513ef7]Moeilijkheidsgraad[/b:d701513ef7]: geen. [b:d701513ef7]Download Malwarebytes MBAM via één van deze locaties[/b:d701513ef7]: [list:d701513ef7] [*:d701513ef7][url=http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?][b:d701513ef7]Download.com[/b:d701513ef7][/url] [*:d701513ef7][url=http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s][b:d701513ef7]Softpedia.com[/b:d701513ef7][/url][*:d701513ef7][url=http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html][b:d701513ef7]Majorgeeks.com[/b:d701513ef7][/url][/list:u:d701513ef7] [b:d701513ef7]Allereerst[/b:d701513ef7]:[list:d701513ef7][*:d701513ef7] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus. [*:d701513ef7] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'![/list:u:d701513ef7] [b:d701513ef7]Malwarebytes MBAM opstarten[/b:d701513ef7]: Windows 2000 en Windows XP: start MBAM middels dubbelklik op de snelkoppeling. Windows Vista en Windows 7: start MBAM middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren. [b:d701513ef7]Scannen[/b:d701513ef7]: [list:d701513ef7][*:d701513ef7] Bij het starten van 'MBAM' kies je voor 'Snelle Scan'. [*:d701513ef7]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'. [*:d701513ef7]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:d701513ef7] [b:d701513ef7]Infecties gevonden[/b:d701513ef7]: [list:d701513ef7][*:d701513ef7]Klik nu eerst op OK om de melding weg te klikken [*:d701513ef7]Klik vervolgens rechtsonder op de knop Bekijk resultaten. [*:d701513ef7]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde. [*:d701513ef7]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [*:d701513ef7]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken! [*:d701513ef7]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:d701513ef7] [b:d701513ef7]MBAM-Log[/b:d701513ef7]: [list:d701513ef7][*:d701513ef7] Het log wordt automatisch bewaard door 'MBAM en dat kan je terugvinden door in het hoofdmenu van MBAM op de tab 'Logbestanden' te klikken'.[/list:u:d701513ef7] [b:d701513ef7]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:d701513ef7] Als laatste gebruik jij onderstaande tool: [b:d701513ef7]Welk programma[/b:d701513ef7]: TFC. [b:d701513ef7]Waarvoor/waarom[/b:d701513ef7]:grondige reiniging van Windows. [b:d701513ef7]Moeilijkheidsgraad[/b:d701513ef7]: geen. [b:d701513ef7]Download [url=http://oldtimer.geekstogo.com/TFC.exe][color=Blue:d701513ef7]TFC naar je bureaublad (klick)[/color:d701513ef7] [/b:d701513ef7][/url] [b:d701513ef7]TFC opstarten[/b:d701513ef7]: Windows 2000 en Windows XP: start TFC.exe middels dubbelklik op de snelkoppeling. Windows Vista en Windows 7: start TFC.exe middels rechtsklik op de snelkoppeling en dan kiezen voor "Als Administrator uitvoeren". [list:d701513ef7][*:d701513ef7] Niet schrikken - het tool sluit alle lopende programma's - ergo: verzeker je dus ervan, dat je werk al is opgeslagen! [*:d701513ef7] Vervolgens klik je op de knop [b:d701513ef7]Start[/b:d701513ef7] om de scan te starten. Deze scan kan kort of langer duren, wees geduldig en laat TFC zijn taak doen en wacht to TFC klaaar is. [*:d701513ef7] Indien TFC klaar is, dan komt de melding dat de computer opnieuw opgestart wordt. [*:d701513ef7] Gebeurt het afsluiten niet automatisch, start dan zelf de computer opnieuw op. [*:d701513ef7] Noot: TFC vertoont geen log![/list:u:d701513ef7] [color=blue:d701513ef7][b:d701513ef7]Samenvattend: hierna post je de inhoud van de volgende logs:[/b:d701513ef7][/color:d701513ef7] [list:d701513ef7][*:d701513ef7] een nieuw Hijackthis-log [*:d701513ef7] MBAM scanlog[/list:u:d701513ef7]

[anoniem]

Daar is ie weer: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 6503 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19048 4-5-2011 12:51:55 mbam-log-2011-05-04 (12-51-55).txt Scantype: Snelle scan Objecten gescand: 159993 Verstreken tijd: 5 minuut/minuten, 43 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:12:25, on 4-5-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19048) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Mouse Driver\StartAutorun.exe C:\Program Files\Toshiba TEMPRO\TemproTray.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe C:\Program Files\Mouse Driver\KMConfig.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Mouse Driver\KMProcess.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Free YouTube Download - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Common Toolkit Tools - Unknown owner - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (file missing) O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 10809 bytes Heb trouwens geen Lavasoft AdAware kunnen vinden in Conf.scherm\progr. Welke malwareprogramma's raad jij aan om te gebruiken/verwijderen?

[anoniem]

Hoi Eline, met Avast 6 heb je de nummer 1 van gratis antivirussoftware in je Windows. Verder heb je SAS al, daar mag je de aktieive onderdelen van uitschakelen, want ook Avast heeft een prima aktieve spywarescanner! Nu heb je ook MBAM. Indien je nu wekelijks zowel MBAM als SAS eerst update en dan beiden na elkaar een snelle scan laat doen - met dat voldoende zijn! En doe nog het volgende: [b:e291781a8d][url=http://www.eset.com/onlinescan/]Doe de ESET online scan (Klik).[/url][/b:e291781a8d] [list:e291781a8d] [*:e291781a8d]Klik op de knop [b:e291781a8d]ESET Online Scanner[/b:e291781a8d] [*:e291781a8d]Zet een vinkje bij [b:e291781a8d]YES, I accept the Terms of Use[/b:e291781a8d] [*:e291781a8d]Klik op [b:e291781a8d]Start[/b:e291781a8d] [*:e291781a8d]Sta het ActiveX control toe om te installeren. [*:e291781a8d]Klik op [b:e291781a8d]"Advanced settings"[/b:e291781a8d] [*:e291781a8d]Zet een vinkje bij de volgende opties: [list:e291781a8d][*:e291781a8d][b:e291781a8d]Remove found threats[/b:e291781a8d] [*:e291781a8d][b:e291781a8d]Scan archives[/b:e291781a8d] [*:e291781a8d][b:e291781a8d]Scan for potentially unwanted applications[/b:e291781a8d] [*:e291781a8d][b:e291781a8d]Scan for potentially unsafe applications[/b:e291781a8d] [*:e291781a8d][b:e291781a8d]Enable Anti-Stealth technology [/b:e291781a8d][/list:u:e291781a8d] [*:e291781a8d]Klik op [b:e291781a8d]Start[/b:e291781a8d] [*:e291781a8d]De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld. [*:e291781a8d]Je mag het venster sluiten wanneer de scan klaar is. [*:e291781a8d]Gebruik [b:e291781a8d]Kladblok[/b:e291781a8d] om het logje te openen. Dit logje vind je in de lokatie C:\Program Files\EsetOnlineScanner\[b:e291781a8d]log.txt[/b:e291781a8d] [*:e291781a8d]Kopieer en plak de inhoud van dit logje in je volgende bericht.[/list:u:e291781a8d] N.B.: deaktiveer tijdelijk je eigen antivirus tijdens de scan, dan is de onlinescan sneller! Tip: deze onlinescan kan je desnoods één keer per maand of per twee maanden als extra scan uitvoeren!

[anoniem]

Zo, dàt duurde lang! ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: Can not read file from internet.ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=1 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=bd78859cd2322544b96becdbc1bc2041 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-05-04 09:38:37 # local_time=2011-05-04 11:38:37 (+0100, West-Europa (zomertijd)) # country="Netherlands" # lang=1043 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 72364 72364 0 0 # compatibility_mode=5892 16776637 100 100 79444 142055784 0 0 # compatibility_mode=8192 67108863 100 0 11274 11274 0 0 # scanned=188161 # found=18 # cleaned=18 # scan_time=22061 C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Users\Annelie\AppData\Local\VirtualStore\Program Files\Loaris\Trojan Remover\ltr.exe.Original een variant van Win32/1AntiVirus programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Users\Annelie\AppData\Roaming\OpenCandy\OpenCandy_CFF0AF8B013D4EFA8048DB6C344AD805\registrybooster11.exe een variant van Win32/RegistryBooster programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Users\Annelie\AppData\Roaming\OpenCandy\OpenCandy_CFF0AF8B013D4EFA8048DB6C344AD805\registrybooster11Wrapped.exe een variant van Win32/RegistryBooster programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Users\Annelie\AppData\Roaming\Uniblue\PowerSuite\_temp\ub.exe meerdere bedreigingen (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Users\Annelie\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Users\Annelie\Downloads\registrybooster.exe een variant van Win32/RegistryBooster programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C C:\Users\Annelie\Downloads\speedupmypc.exe Win32/SpeedUpMyPC programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C E:\bestanden sims 3\The Sims 3\The Sims 3 - Razor1911\The Sims 3 - Razor1911.iso waarschijnlijk een variant van Win32/Hupigon.CJKIBCX trojaans paard (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C

[anoniem]

Hoi Eline, even iets over registry tools. Het registry tool dat jouw register onder handen neemt en daardoor Windows sneller maakt {b]moet nog steeds uitgevonden worden[/b]! Het problem is altijd wel dat registertools het Windows register te veel opschonen, waardoor Windows beschadigd raakt. Niet gebruiken dus. Alle NTFS-versies van Windows laden enkel de benodigde DLL's uit het register! Post maar een nieuw HijackThis-log!

[anoniem]

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:05:16, on 5-5-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19048) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Mouse Driver\StartAutorun.exe C:\Program Files\Toshiba TEMPRO\TemproTray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Mouse Driver\KMConfig.exe C:\Program Files\Mouse Driver\KMProcess.exe C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Free YouTube Download - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Common Toolkit Tools - Unknown owner - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (file missing) O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 10296 bytes

[anoniem]

Hoi Eline, dat ziet er goed hoor. Doe het volgende: een Uninstall-lijst posten: [list:791bb556e2][*:791bb556e2] start HijackThis, [*:791bb556e2] klik op de knop Open the Misc Tools section, [*:791bb556e2] klik op de knop Open Uninstall Manager, [*:791bb556e2] Klik op de knop Save.[/list:u:791bb556e2]

[anoniem]

Is dit de bedoeling?: 32 Bit HP CIO Components Installer Aangifte inkomstenbelasting 2008 Aangifte inkomstenbelasting 2009 Aangifte inkomstenbelasting 2010 Acrobat.com Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9 Adobe Shockwave Player 11.5 Apple Application Support Apple Mobile Device Support avast! Free Antivirus Big Fish Games Client Bluesoleil2.6.0.8 Release 070517 Bluetooth Stack for Windows by Toshiba Bonjour Camera Assistant Software for Toshiba CCleaner Compatibiliteitspakket voor het 2007 Microsoft Office system Conduit Engine D3DX10 DVD MovieFactory for TOSHIBA Easy TuinEncyclopedie 1 Escape From Paradise 2 ESET Online Scanner v3 Free Studio version 4.9.3 Free YouTube Download 2.10 FULL-DISKfighter Google Desktop Google Update Helper HiJackThis Hotel Mahjong Deluxe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 HP Print Projects 1.0 HP Smart Web Printing 4.5 HP Solution Center 13.0 Huur- en zorgtoeslag 2009 ImgBurn Intel(R) Graphics Media Accelerator Driver Intel® Matrix Storage Manager Java(TM) 6 Update 24 Java(TM) 6 Update 7 Junk Mail filter update K-Lite Mega Codec Pack 4.1.6 KraiSoft Games Launcher Liong - The Lost Amulets Deluxe Little Shop - World Traveler Deluxe Mahjong Fortuna 2 Mahjongg Dimensions MahJongg Fortuna Malwarebytes' Anti-Malware MapSource Topo Nederland Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook Connector Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Professional Editie 2003 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Windows Media Video 9 VCM Microsoft Works Microsoft WSE 3.0 Runtime Mouse Driver MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyAshampoo Toolbar myphotobook 3.6 MyTomTom 3.0.2.251 NVIDIA PhysX OGA Notifier 2.0.0048.0 OpenAL PhotoViewer 2.4 Picasa 2 Puzzelhulp version 2.1 QuickTime RealPlayer Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WiFi Protected Setup Library Realtek WLAN driver Realtek WLAN Driver RealUpgrade 1.0 Recuva (remove only) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Segoe UI Shangri La 2 Deluxe Shop for HP Supplies SUPERAntiSpyware Free Edition Synaptics Pointing Device Driver Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD Tango TomTom HOME 2.7.6.2056 TomTom HOME Visual Studio Merge Modules TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Hardware Setup Toshiba Online Product Information TOSHIBA Recovery Disc Creator TOSHIBA Supervisor Password Toshiba TEMPRO TOSHIBA Value Added Package TOSHIBA-handleidingen TRDCReminder TRORDCLauncher Trust R-series Mouse And Keyboard Uninstall 1.0.0.1 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Vacation Quest - The Hawaiian Islands Visual Studio C++ 9.0 Runtime VLC media player 1.1.4 Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Family Safety Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mail Windows Live Mesh Windows Live Mesh Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Messenger Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Common Windows Live Photo Gallery Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Windows Media Encoder 9 Series Windows Media Player Firefox Plugin WinPcap 4.0.2 WinRAR WLZ - Deluxe Edition Word Mojo Gold Deluxe World Mosaics 3 Fairy Tales 1.00 Your Uninstaller! 2010 Zylom Games Player Plugin