Laptop has a life of its own

  • cowboyhenk

    Jos,

    is this the only odd thing you can find in the log?

    Erik

  • Jos H

    I don't know.

    I saw a similarity with the previous link.

    I'm not an experienced log reader, so please be patient until the volunteers (the log readers here) have looked at the logs.

  • cowboyhenk

    Dear all,

    would someone be so kind as to take a quick look at my log?

    Thanks in advance,

    Erik

  • fazantje

    Hi Erik,

    At first glance I don't see anything unusual in your logs ;)

    Start HijackThis, click Do a Systemscan only and tick the box in front of:

    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    Now close all windows except HijackThis and click Fix checked.

    Restart your computer and do the following:

    Download Combofix to your Desktop:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Visit the following page for the instructions on downloading and using Combofix:

    http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, switch that scanner off and download Combofix again.

    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe to start it.

    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.

    Click OK in the little "NirCmd" window.

    Afterwards, click Yes again to start the malware scan.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log Combofix.txt will open.

    Post the ComboFix log together with a new HijackThis log.

    Good luck,

    Huib:)

  • cowboyhenk

    Huib,

    thanks for your help and your reply, here are the logs;

    Combofix

    ComboFix 10-01-13.0C - Erik 14-01-2010 18:46:43.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2037.1217

    Gestart vanuit: c:\users\Erik\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\$recycle.bin\S-1-5-21-1450043198-1123934232-1546109239-500

    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

    c:\$recycle.bin\S-1-5-21-2554430035-1738532877-1760767831-500

    c:\program files\QUAD Utilities

    c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-12-14 to 2010-01-14 ))))))))))))))))))))))))))))))

    .

    2010-01-14 17:54 . 2010-01-14 17:55 -------- d-----w- c:\users\Erik\AppData\Local\temp

    2010-01-14 17:54 . 2010-01-14 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-01-13 05:51 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

    2010-01-13 05:51 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

    2010-01-10 16:11 . 2010-01-10 16:11 -------- d-----w- c:\users\Erik\AppData\Local\Mozilla

    2010-01-10 15:38 . 2010-01-10 15:38 388096 ----a-r- c:\users\Erik\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

    2010-01-10 15:38 . 2010-01-10 15:38 -------- d-----w- c:\program files\TrendMicro

    2010-01-10 10:51 . 2010-01-10 10:51 52224 ----a-w- c:\users\Erik\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

    2010-01-10 10:33 . 2010-01-10 10:33 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-01-09 13:36 . 2010-01-09 13:36 -------- d-----w- c:\users\Erik\AppData\Local\MigWiz

    2010-01-09 09:47 . 2010-01-10 08:57 -------- d-----w- c:\program files\Windows Live Safety Center

    2010-01-09 09:44 . 2010-01-09 09:44 -------- d-----w- c:\program files\Panda Security

    2010-01-09 09:04 . 2010-01-09 09:04 -------- d-----w- c:\program files\Synaptics

    2010-01-09 09:01 . 2010-01-09 09:01 -------- d-----w- c:\windows\system32\x64

    2009-12-28 07:20 . 2009-12-28 07:20 20299200 ----a-w- c:\users\Erik\AppData\Roaming\TomTom\HOME\Profiles\g9qzwgsv.default\Updates\v2_7_3_1894_win.exe

    2009-12-23 21:29 . 2009-12-23 21:29 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-01-14 17:34 . 2009-05-13 15:45 -------- d-----w- c:\program files\SPAMfighter

    2010-01-14 14:41 . 2007-12-04 17:58 -------- d-----w- c:\programdata\Microsoft Help

    2010-01-14 14:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2010-01-14 14:34 . 2007-11-27 22:15 -------- d-----w- c:\programdata\Google Updater

    2010-01-10 18:41 . 2007-11-27 22:15 -------- d-----w- c:\program files\Google

    2010-01-10 18:09 . 2007-11-29 08:37 -------- d-----w- c:\program files\OLYMPUS

    2010-01-10 18:08 . 2008-10-22 19:14 -------- d-----w- c:\programdata\Installations

    2010-01-10 18:08 . 2008-10-22 19:19 -------- d-----w- c:\program files\Nokia

    2010-01-10 17:13 . 2008-07-06 12:45 1356 ----a-w- c:\users\Erik\AppData\Local\d3d9caps.dat

    2010-01-10 11:15 . 2008-01-26 17:56 -------- d-----w- c:\users\Erik\AppData\Roaming\Azureus

    2010-01-10 10:51 . 2009-04-26 09:45 117760 ----a-w- c:\users\Erik\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

    2010-01-10 10:50 . 2009-03-01 07:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-01-10 10:50 . 2009-04-26 09:45 5115823 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

    2010-01-09 13:57 . 2008-02-29 15:37 -------- d-----w- c:\program files\SUPERAntiSpyware

    2010-01-09 13:48 . 2009-05-16 14:28 -------- d-----w- c:\program files\Glary Utilities

    2010-01-07 15:07 . 2009-03-01 07:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-01-07 15:07 . 2009-03-01 07:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-01-03 08:33 . 2008-02-03 19:40 -------- d-----w- c:\users\Erik\AppData\Roaming\VSO

    2009-12-30 12:57 . 2006-11-02 16:11 670308 ----a-w- c:\windows\system32\perfh013.dat

    2009-12-30 12:57 . 2006-11-02 16:11 127900 ----a-w- c:\windows\system32\perfc013.dat

    2009-12-25 10:08 . 2008-02-03 07:56 -------- d-----w- c:\users\Erik\AppData\Roaming\Skype

    2009-12-25 10:02 . 2008-02-03 07:59 -------- d-----w- c:\users\Erik\AppData\Roaming\skypePM

    2009-12-25 07:25 . 2008-07-12 06:16 -------- d-----w- c:\programdata\avg8

    2009-12-07 10:37 . 2009-09-28 10:55 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AutoLaunch.exe

    2009-11-18 06:30 . 2009-11-18 06:30 -------- d-----w- c:\program files\Windows Portable Devices

    2009-11-18 06:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

    2009-11-18 06:30 . 2009-11-18 06:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

    2009-11-18 06:29 . 2009-11-18 06:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

    2009-11-15 20:11 . 2009-04-26 07:04 -------- d-----w- c:\program files\Common Files\Adobe

    2009-11-14 09:44 . 2009-11-14 09:44 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

    2009-11-09 12:31 . 2009-12-10 06:20 24064 ----a-w- c:\windows\system32\nshhttp.dll

    2009-11-09 12:30 . 2009-12-10 06:20 30720 ----a-w- c:\windows\system32\httpapi.dll

    2009-11-09 10:36 . 2009-12-10 06:20 411648 ----a-w- c:\windows\system32\drivers\http.sys

    2009-11-02 19:42 . 2009-10-03 08:31 195456 ------w- c:\windows\system32\MpSigStub.exe

    2009-11-02 10:37 . 2009-08-21 16:56 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe

    2009-10-29 09:17 . 2009-11-26 06:09 2048 ----a-w- c:\windows\system32\tzres.dll

    2009-10-27 14:11 . 2009-12-09 13:26 834048 ----a-w- c:\windows\system32\wininet.dll

    2009-10-27 13:16 . 2009-12-09 13:26 78336 ----a-w- c:\windows\system32\ieencode.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll"

    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll"

    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "ehTray.exe"="c:\windows\ehome\ehTray.exe"

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe"

    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe"

    c:\users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

    OneNote-inhoudsopgave.onetoc2

    "EnableUIADesktopToggle"= 0 (0x0)

    2009-09-19 13:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    @="Service"

    @="Service"

    2007-01-17 12:46 534648 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

    2009-09-28 10:55 520024 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    2006-09-11 14:21 180224 ----a-w- c:\program files\Apoint2K\Apoint.exe

    2009-08-13 13:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    2009-07-10 11:59 195072 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    2008-02-11 19:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    2006-12-07 15:49 55416 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe

    2006-11-01 07:06 413696 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe

    2008-02-11 19:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    2006-11-06 16:14 34352 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe

    2008-06-06 15:08 198184 ----a-w- c:\program files\KPN\bin\sprtcmd.exe

    2007-01-13 08:40 7766016 ----a-w- c:\windows\System32\nvcpl.dll

    2007-01-13 08:40 81920 ----a-w- c:\windows\System32\nvmctray.dll

    2007-01-13 08:40 90191 ----a-w- c:\windows\System32\nvsvc.dll

    2008-02-11 19:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    2007-01-18 13:46 4349952 ----a-w- c:\windows\RtHDVCpl.exe

    2007-02-06 13:21 509496 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

    2009-04-26 09:15 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    2010-01-09 13:57 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    2006-03-22 20:42 438272 ----a-w- c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe

    2007-11-27 22:16 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    2009-08-19 15:37 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    2009-02-09 10:32 579488 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

    2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

    2008-11-06 00:57 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

    2006-12-19 22:16 411768 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    "DisableMonitoring"=dword:00000001

    "DisableMonitoring"=dword:00000001

    "DisableMonitoring"=dword:00000001

    "VistaSp2"=hex(b):40,c6,91,f0,ec,22,ca,01

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS

    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe

    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe

    R2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe

    R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe

    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe

    S3 APL531;OVT Scanner;c:\windows\System32\drivers\ov550i.sys

    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Inhoud van de 'Gedeelde Taken' map

    2009-12-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

    2010-01-14 c:\windows\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe

    2010-01-14 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    2010-01-14 c:\windows\Tasks\User_Feed_Synchronization-{596FC4C5-A357-4D6B-9EC9-7DBDB14AD210}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.telegraaf.nl/

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL

    FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\p6pus9hz.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.telegraaf.nl/|http://www.google.nl/firefox?client=firefox-a&rls=org.mozilla:nl:official

    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    .

    - - - - ORPHANS VERWIJDERD - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

    MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe

    MSConfigStartUp-NDSTray - NDSTray.exe

    MSConfigStartUp-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

    MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-01-14 18:55

    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????I?Rh???8???`????????????

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:0000007b

    .

    Voltooingstijd: 2010-01-14 18:57:35

    ComboFix-quarantined-files.txt 2010-01-14 17:57

    Pre-Run: 33.988.448.256 bytes beschikbaar

    Post-Run: 33.957.085.184 bytes beschikbaar

    - - End Of File - - A314B1FB1B294EB9BEFA26E8C74795C8

    Hijackthis

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)

    Scan saved at 19:07:26, on 14-1-2010

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v7.00 (7.00.6002.18005)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\SPAMfighter\SFAgent.exe

    C:\Program Files\AVG\AVG8\avgtray.exe

    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\ehome\ehtray.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

    O4 - HKLM\..\Run: "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

    O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: OneNote-inhoudsopgave.onetoc2

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL (file missing)

    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab

    O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://download.sp.f-secure.com/hc/hetnet/PCHC_customization_HetNet/fscax.cab

    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/2663/defaults/activex/ips/IPSUploader4.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

    O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    End of file - 7736 bytes

  • fazantje

    Hi Erik,

    How is your problem doing :S

    I'm no longer an experienced log reader, but by the looks of it Combo has already done good work ;)

    Now just wait for a reply from an experienced log reader about ComboFix.

    Good luck,

    Huib:)

  • fazantje

    Who, oh who, would be willing to check the Combo log and, if needed, give further advice?

    Thanks in advance on Erik's behalf.

    Huib:)

  • Teaser

    Combo log looks good.

    Go to Start > Run, type combofix /uninstall there and click OK

    Close all windows.

    Open only HJT and click "do a system scan only"

    Now tick the following lines and click "fix checked"

    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - (file missing)

    Post an HJT log once more

    @ Huib good luck with the rest :P

  • cowboyhenk

    Hey Teaser,

    thanks for checking.

    I tried to remove Combofix but it won't do it.

    The same goes for the suggested eBay link; I can't get it removed with Fix it either.

    Does it do any harm if I leave it in place?

    Erik

  • fazantje

    Teaser, thanks for the Combo check (tu)

    Hi Erik,

    Did you type the text over by hand to remove ComboFix :S

    If so, try it again:

    Go to Start - Run and copy the following into it:

    Combofix /Uninstall

    Then click OK.

    This will uninstall ComboFix.

    After that, post a new HijackThis log and let us know how your problem is doing.

    Good luck,

    Huib:)
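
Both fixes suggested in this thread target HijackThis entries whose backing file no longer exists: the "(no file)" R3 line and the "(file missing)" O9 line. The Python sketch below is an added example, not part of the original thread and not HijackThis's own code; it pulls such orphaned entries out of a log. The sample lines are copied from the posts above, and the function and type names are hypothetical.

```python
import re
from collections import namedtuple

# Entry lines start with a section code (R0, R3, O9, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
# Markers HijackThis appends when the referenced file cannot be found.
# "(no name)" is deliberately not matched: it only means the entry has no label.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

Entry = namedtuple("Entry", "section body clsid orphaned")

# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?NL (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
End of file - 7736 bytes
"""


def parse_entries(log_text):
    """Return one Entry per HijackThis result line, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path, or footer
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=match.group("section"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def orphaned_entries(log_text):
    """Entries whose target file HijackThis reported as absent."""
    return [entry for entry in parse_entries(log_text) if entry.orphaned]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(f"{entry.section:>3}  {entry.clsid or '-':<38}  {entry.body}")
```

An orphan marker only means the registry still references a file that is gone, which is typical of leftovers from uninstalled software; on the sample it also lists the O23 Symantec service entry from the posted log.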