Daughter's PC

  • corrievisser

    Good morning,

    Here I am again with a problem.

    My daughter has a virus on her PC. We cannot remove it.

    She also could not get on the internet. In safe mode it did work, but we could not run the step-plan program. After a system restore she could get on the internet again and could open the program again.

    We have followed the step plan as far as possible.

    Here are the logs:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:23:14, on 6-9-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Safe mode with network support

    Running processes:

    C:\Windows\Explorer.EXE

    C:\Windows\System32\mobsync.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Users\Froukje\Desktop\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plasmoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: TBSB00081 - {32B279E3-5023-4CD8-A295-70C79EDBB294} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll (file missing)

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Hyves Toolbar - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll (file missing)

    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD

    O4 - HKLM\..\Run: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: C:\Windows\VMSnap23.exe

    O4 - HKLM\..\Run: C:\Windows\Domino.exe

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

    O4 - HKLM\..\Run: C:\Windows\ZSSnp211.exe

    O4 - HKLM\..\Run: C:\Windows\Domino.exe

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe

    O4 - HKLM\..\Run: "C:\Program Files\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: "C:\Program Files\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: c:\recinfo\recinfo.exe

    O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

    O4 - HKCU\..\Run: "C:\Program Files\uTorrent\uTorrent.exe"

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: Free YouTube Download - C:\Users\Froukje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Froukje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

    O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

    End of file - 10954 bytes

    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Databaseversie: 7658

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 9.0.8112.16421

    5-9-2011 21:49:42

    mbam-log-2011-09-05 (21-49-42).txt

    Scantype: Snelle scan

    Objecten gescand: 164948

    Verstreken tijd: 4 minuut/minuten, 45 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 48

    Registerwaarden geïnfecteerd: 1

    Registerdata geïnfecteerd: 1

    Mappen geïnfecteerd: 10

    Bestanden geïnfecteerd: 18

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ZangoAX.ClientDetector (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ZangoAX.ClientDetector.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ZangoAX.UserProfiles (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\ZangoAX.UserProfiles.1 (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Value: Zango@Zango.com -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:

    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:

    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Roaming\weatherdpa\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Roaming\weatherdpa\Weather\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Roaming\weatherdpa\Weather\weatherdpa\weather_xml (Adware.Hotbar) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Roaming\Zango (Adware.Zango) -> Delete on reboot.

    c:\programdata\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.

    c:\program files\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.

    c:\program files\shoppingreport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.

    c:\program files\shoppingreport\Bin\2.5.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    c:\Users\Froukje\AppData\Local\Temp\POS26F6.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POSB963.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POS82B9.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POS3A50.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POSD7EA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POS7D2F.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POS143D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POS20E9.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POS709F.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POS8D02.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POSD29D.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Local\Temp\POSF6E0.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    c:\Users\Froukje\AppData\Roaming\weatherdpa\Weather\weatherstartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.

    c:\programdata\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.

    c:\programdata\ZangoSA\zangosaabout.mht (Adware.Zango) -> Quarantined and deleted successfully.

    c:\programdata\ZangoSA\zangosaau.dat (Adware.Zango) -> Quarantined and deleted successfully.

    c:\programdata\ZangoSA\zangosaeula.mht (Adware.Zango) -> Quarantined and deleted successfully.

    c:\programdata\ZangoSA\zangosa_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.

    Would you please take a look at this?

    This was posted from safe mode again, because in the meantime it is no longer possible to get on the internet.

    Kind regards, Corrie

  • Ben

    Hello Corrie,

    *Which virus scanner do you use, AVG or AVAST? Remove one of them; two virus scanners work against each other.

    *After that, remove all toolbars:

    Hyves

    Ask

    Google

    *Restart the PC.

    *Now first switch off your virus scanner. You do this by right-clicking the scanner at the bottom right of the taskbar.

    You will then see something along the lines of "disable"; do that!

    *Download ComboFix HERE

    If you have used ComboFix before, please delete that version and download ComboFix again via the link above,

    because ComboFix is updated daily.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner,

    switch that scanner off and download ComboFix again.

    Some scanners regard certain components that ComboFix uses as suspicious and will block or delete them!

    Double-click Combofix.exe.

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because this will make your PC hang.

    It can take some time before the ComboFix log appears, so don't assume it has crashed.

    When the fix has finished and after the restart, the log combofix.txt will open.

    Post this log in your next post together with a new HijackThis log.

    And tell us how things stand with your problems.

    Good luck, Ben

  • corrievisser

    Hello Ben,

    Avast refuses to be uninstalled, and the Hyves toolbar won't come off either.

    Here are the logs:

    ComboFix 11-09-06.03 - Froukje 06-09-2011 15:26:37.1.4 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3327.2057

    Gestart vanuit: c:\users\Froukje\Downloads\ComboFix.exe

    AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Froukje\2gwi.jpg

    c:\users\Froukje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk

    c:\windows\system32\mfc100deu.dll

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-06 to 2011-09-06 ))))))))))))))))))))))))))))))

    .

    .

    2011-09-06 13:34 . 2011-09-06 13:37 -------- d-----w- c:\users\Froukje\AppData\Local\temp

    2011-09-06 13:34 . 2011-09-06 13:34 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-09-05 19:58 . 2011-09-05 19:58 388096 ----a-r- c:\users\Froukje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-09-05 19:42 . 2011-09-05 19:42 -------- d-----w- c:\users\Froukje\AppData\Roaming\Malwarebytes

    2011-09-05 19:42 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-09-05 19:42 . 2011-09-05 19:42 -------- d-----w- c:\programdata\Malwarebytes

    2011-09-05 19:42 . 2011-09-05 19:51 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

    2011-09-05 19:42 . 2011-09-05 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2011-09-05 19:42 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-09-05 18:51 . 2011-09-05 18:51 -------- d-----w- C:\$AVG

    2011-09-05 18:32 . 2011-09-05 18:32 -------- d-----w- c:\users\Froukje\AppData\Roaming\AVG2012

    2011-09-05 18:31 . 2011-09-05 18:31 -------- d-----w- c:\program files\HYVESTOOLBAR

    2011-09-05 18:30 . 2011-09-05 18:30 -------- d-----w- c:\program files\Common Files\AVG Secure Search

    2011-09-05 18:30 . 2011-09-05 18:31 -------- d-----w- c:\program files\AVG Secure Search

    2011-09-05 18:29 . 2011-09-06 13:20 -------- d-----w- c:\windows\system32\drivers\AVG

    2011-09-05 18:29 . 2011-09-05 18:56 -------- d-----w- c:\programdata\AVG2012

    2011-09-05 18:27 . 2011-09-05 18:27 -------- d-----w- c:\program files\AVG

    2011-09-05 18:23 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FFADDF3-227B-49E3-AFFE-343A56D47C4A}\mpengine.dll

    2011-09-05 17:34 . 2011-09-05 17:34 -------- d--h--w- c:\programdata\Common Files

    2011-09-05 17:28 . 2011-09-06 13:20 -------- d-----w- c:\programdata\MFAData

    2011-09-05 15:45 . 2011-09-05 15:45 -------- d-----w- c:\programdata\WindowsSearch

    2011-08-29 15:23 . 2011-08-29 20:39 -------- d-----w- c:\users\Froukje\AppData\Roaming\MyHeritage

    2011-08-29 15:23 . 2011-08-29 15:27 -------- d-----w- c:\programdata\MyHeritage

    2011-08-29 15:23 . 2011-08-29 15:23 -------- d-----w- c:\users\Froukje\AppData\Roaming\The Complete Genealogy Reporter - FTB

    2011-08-29 15:23 . 2003-07-06 11:07 372736 ----a-w- c:\windows\system32\ijl15.dll

    2011-08-29 15:23 . 2002-03-06 22:19 454656 ----a-w- c:\windows\system32\PaintX.dll

    2011-08-29 15:23 . 2000-05-22 14:58 608448 ----a-w- c:\windows\system32\comctl32.ocx

    2011-08-29 15:23 . 2000-03-13 21:00 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

    2011-08-29 15:23 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\msmapi32.ocx

    2011-08-29 15:23 . 2011-08-29 15:23 -------- d-----w- c:\program files\MyHeritage

    2011-08-24 23:01 . 2011-08-25 00:22 -------- d-----w- c:\users\Froukje\AppData\Local\Adobe

    2011-08-23 18:18 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll

    2011-08-23 16:09 . 2011-08-23 16:09 389136 ----a-w- c:\windows\system32\FTBSaver.scr

    2011-08-22 19:21 . 2011-09-05 18:57 -------- d-sh--w- c:\users\Froukje\AppData\Roaming\144CF83A

    2011-08-22 19:21 . 2011-08-22 19:36 -------- d-sh--w- c:\users\Froukje\AppData\Roaming\6CB8E08F

    2011-08-14 11:00 . 2011-08-14 11:00 0 ---ha-w- c:\users\Froukje\AppData\Local\BIT222F.tmp

    2011-08-11 00:28 . 2011-07-22 02:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2011-08-11 00:28 . 2011-07-22 03:00 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

    2011-08-11 00:28 . 2011-07-22 02:46 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

    2011-08-11 00:27 . 2011-07-22 02:54 1797632 ----a-w- c:\windows\system32\jscript9.dll

    2011-08-11 00:27 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\system32\wininet.dll

    2011-08-10 01:31 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll

    2011-08-10 01:31 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2011-08-10 01:31 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2011-08-10 01:31 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-08-10 01:31 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-08-10 01:30 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-08-28 11:37 . 2011-05-18 11:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-08-02 15:06 . 2011-08-02 15:06 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2011-07-10 23:14 . 2011-07-10 23:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2011-07-10 23:14 . 2011-07-10 23:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys

    2011-07-10 23:14 . 2011-07-10 23:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

    2011-07-10 23:14 . 2011-07-10 23:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

    2011-07-10 23:13 . 2011-07-10 23:13 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

    2011-07-10 23:13 . 2011-07-10 23:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2011-07-10 23:13 . 2011-07-10 23:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

    2011-09-01 17:09 . 2011-06-25 18:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    2011-09-05 18:30 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

    .

    2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    .

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll"

    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll"

    .

    .

    .

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll"

    .

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "recinfo"="c:\recinfo\recinfo.exe"

    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe"

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "uTorrent"="c:\program files\uTorrent\uTorrent.exe"

    .

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "RtHDVCpl"="RtHDVCpl.exe"

    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe"

    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe"

    "BigDogPath323VMSnap"="c:\windows\VMSnap23.exe"

    "BigDogPath323Domino"="c:\windows\Domino.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe"

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe"

    "ZSSnp211"="c:\windows\ZSSnp211.exe"

    "Domino"="c:\windows\Domino.exe"

    "Skytel"="Skytel.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe"

    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe"

    "vProt"="c:\program files\AVG Secure Search\vprot.exe"

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe"

    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe"

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    .

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    "mixer1"=wdmaud.drv

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe

    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe

    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys

    R3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys

    R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys

    R3 ZSMC326;TD74 USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys

    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys

    S1 aswSP;avast! Self Protection;

    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys

    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys

    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe

    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

    S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

    S2 WTService;WTService;c:\windows\system32\atwtusb.exe

    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys

    .

    .

    bthsvcs REG_MULTI_SZ BthServ

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2011-09-06 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    .

    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2011-09-01 c:\windows\Tasks\Norton Security Scan for Froukje.job

    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://plasmoo.com

    uDefault_Search_URL = hxxp://www.google.com/ie

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to AMV Convert Tool… - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Free YouTube Download - c:\users\Froukje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    IE: Free YouTube to MP3 Converter - c:\users\Froukje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

    IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html

    TCP: DhcpNameServer = 172.19.3.1

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

    FF - ProfilePath - c:\users\Froukje\AppData\Roaming\Mozilla\Firefox\Profiles\4tymzvov.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd2a15101-9c90-4b2b-9ae5-565a23661155%7D&mid=9ac325eac9fc47d1a279d168c3e8b9c7-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=8.0.0.34&lang=nl&pr=fr&d=2011-09-05%2020%3A30%3A52&sap=ku&q=

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    BHO-{32B279E3-5023-4CD8-A295-70C79EDBB294} - c:\program files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

    Toolbar-{AB8DC1E0-22BE-4181-B77E-02C495E031F8} - c:\program files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

    WebBrowser-{AB8DC1E0-22BE-4181-B77E-02C495E031F8} - c:\program files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

    HKLM-Run-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe

    HKLM-Run-TrayServer - c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-09-06 15:37

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen … ComboFix 11-09-06.03 - Froukje 06-09-2011 15:26:37.1.4 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3327.2057

    Gestart vanuit: c:\users\Froukje\Downloads\ComboFix.exe

    AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Froukje\2gwi.jpg

    c:\users\Froukje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk

    c:\windows\system32\mfc100deu.dll

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-06 to 2011-09-06 ))))))))))))))))))))))))))))))

    .

    .

    2011-09-06 13:34 . 2011-09-06 13:37 ——– d—–w- c:\users\Froukje\AppData\Local\temp

    2011-09-06 13:34 . 2011-09-06 13:34 ——– d—–w- c:\users\Default\AppData\Local\temp

    2011-09-05 19:58 . 2011-09-05 19:58 388096 —-a-r- c:\users\Froukje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-09-05 19:42 . 2011-09-05 19:42 ——– d—–w- c:\users\Froukje\AppData\Roaming\Malwarebytes

    2011-09-05 19:42 . 2011-07-06 17:52 41272 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-09-05 19:42 . 2011-09-05 19:42 ——– d—–w- c:\programdata\Malwarebytes

    2011-09-05 19:42 . 2011-09-05 19:51 ——– d—–w- c:\program files\MALWAREBYTES ANTI-MALWARE

    2011-09-05 19:42 . 2011-09-05 19:42 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware

    2011-09-05 19:42 . 2011-07-06 17:52 22712 —-a-w- c:\windows\system32\drivers\mbam.sys

    2011-09-05 18:51 . 2011-09-05 18:51 ——– d—–w- C:\$AVG

    2011-09-05 18:32 . 2011-09-05 18:32 ——– d—–w- c:\users\Froukje\AppData\Roaming\AVG2012

    2011-09-05 18:31 . 2011-09-05 18:31 ——– d—–w- c:\program files\HYVESTOOLBAR

    2011-09-05 18:30 . 2011-09-05 18:30 ——– d—–w- c:\program files\Common Files\AVG Secure Search

    2011-09-05 18:30 . 2011-09-05 18:31 ——– d—–w- c:\program files\AVG Secure Search

    2011-09-05 18:29 . 2011-09-06 13:20 ——– d—–w- c:\windows\system32\drivers\AVG

    2011-09-05 18:29 . 2011-09-05 18:56 ——– d—–w- c:\programdata\AVG2012

    2011-09-05 18:27 . 2011-09-05 18:27 ——– d—–w- c:\program files\AVG

    2011-09-05 18:23 . 2011-08-12 02:44 7152464 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FFADDF3-227B-49E3-AFFE-343A56D47C4A}\mpengine.dll

    2011-09-05 17:34 . 2011-09-05 17:34 ——– d–h–w- c:\programdata\Common Files

    2011-09-05 17:28 . 2011-09-06 13:20 ——– d—–w- c:\programdata\MFAData

    2011-09-05 15:45 . 2011-09-05 15:45 ——– d—–w- c:\programdata\WindowsSearch

    2011-08-29 15:23 . 2011-08-29 20:39 ——– d—–w- c:\users\Froukje\AppData\Roaming\MyHeritage

    2011-08-29 15:23 . 2011-08-29 15:27 ——– d—–w- c:\programdata\MyHeritage

    2011-08-29 15:23 . 2011-08-29 15:23 ——– d—–w- c:\users\Froukje\AppData\Roaming\The Complete Genealogy Reporter - FTB

    2011-08-29 15:23 . 2003-07-06 11:07 372736 —-a-w- c:\windows\system32\ijl15.dll

    2011-08-29 15:23 . 2002-03-06 22:19 454656 —-a-w- c:\windows\system32\PaintX.dll

    2011-08-29 15:23 . 2000-05-22 14:58 608448 —-a-w- c:\windows\system32\comctl32.ocx

    2011-08-29 15:23 . 2000-03-13 21:00 118784 —-a-w- c:\windows\system32\MSSTDFMT.DLL

    2011-08-29 15:23 . 1998-06-23 22:00 137000 —-a-w- c:\windows\system32\msmapi32.ocx

    2011-08-29 15:23 . 2011-08-29 15:23 ——– d—–w- c:\program files\MyHeritage

    2011-08-24 23:01 . 2011-08-25 00:22 ——– d—–w- c:\users\Froukje\AppData\Local\Adobe

    2011-08-23 18:18 . 2011-07-11 13:25 2048 —-a-w- c:\windows\system32\tzres.dll

    2011-08-23 16:09 . 2011-08-23 16:09 389136 —-a-w- c:\windows\system32\FTBSaver.scr

    2011-08-22 19:21 . 2011-09-05 18:57 ——– d-sh–w- c:\users\Froukje\AppData\Roaming\144CF83A

    2011-08-22 19:21 . 2011-08-22 19:36 ——– d-sh–w- c:\users\Froukje\AppData\Roaming\6CB8E08F

    2011-08-14 11:00 . 2011-08-14 11:00 0 —ha-w- c:\users\Froukje\AppData\Local\BIT222F.tmp

    2011-08-11 00:28 . 2011-07-22 02:44 2382848 —-a-w- c:\windows\system32\mshtml.tlb

    2011-08-11 00:28 . 2011-07-22 03:00 141104 —-a-w- c:\program files\Internet Explorer\sqmapi.dll

    2011-08-11 00:28 . 2011-07-22 02:46 194048 —-a-w- c:\program files\Internet Explorer\IEShims.dll

    2011-08-11 00:27 . 2011-07-22 02:54 1797632 —-a-w- c:\windows\system32\jscript9.dll

    2011-08-11 00:27 . 2011-07-22 02:48 1126912 —-a-w- c:\windows\system32\wininet.dll

    2011-08-10 01:31 . 2011-06-17 16:03 375808 —-a-w- c:\windows\system32\winsrv.dll

    2011-08-10 01:31 . 2011-07-06 15:31 214016 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2011-08-10 01:31 . 2011-06-06 10:59 2409784 —-a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2011-08-10 01:31 . 2011-06-20 08:54 3602832 —-a-w- c:\windows\system32\ntkrnlpa.exe

    2011-08-10 01:31 . 2011-06-20 08:54 3550096 —-a-w- c:\windows\system32\ntoskrnl.exe

    2011-08-10 01:30 . 2011-06-17 20:13 905104 —-a-w- c:\windows\system32\drivers\tcpip.sys

    2011-08-08 04:08 . 2011-08-08 04:08 40016 —-a-w- c:\windows\system32\drivers\avgmfx86.sys

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-08-28 11:37 . 2011-05-18 11:36 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-08-02 15:06 . 2011-08-02 15:06 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2011-07-10 23:14 . 2011-07-10 23:14 295248 —-a-w- c:\windows\system32\drivers\avgtdix.sys

    2011-07-10 23:14 . 2011-07-10 23:14 24272 —-a-w- c:\windows\system32\drivers\AVGIDSFilter.sys

    2011-07-10 23:14 . 2011-07-10 23:14 16720 —-a-w- c:\windows\system32\drivers\AVGIDSShim.sys

    2011-07-10 23:14 . 2011-07-10 23:14 23120 —-a-w- c:\windows\system32\drivers\AVGIDSEH.sys

    2011-07-10 23:13 . 2011-07-10 23:13 134736 —-a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

    2011-07-10 23:13 . 2011-07-10 23:13 229840 —-a-w- c:\windows\system32\drivers\avgldx86.sys

    2011-07-10 23:13 . 2011-07-10 23:13 32464 —-a-w- c:\windows\system32\drivers\avgrkx86.sys

    2011-09-01 17:09 . 2011-06-25 18:00 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    2011-09-05 18:30 1451336 —-a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

    .

    2010-09-28 21:44 1400712 —-a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    .

    “{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll”

    “{95B7759C-8C7F-4BF1-B163-73684A933233}”= “c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll”

    .

    .

    .

    “{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll”

    .

    .

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    “recinfo”=“c:\recinfo\recinfo.exe”

    “MsnMsgr”=“c:\program files\Windows Live\Messenger\MsnMsgr.Exe”

    “swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “uTorrent”=“c:\program files\uTorrent\uTorrent.exe”

    .

    “NvCplDaemon”=“c:\windows\system32\NvCpl.dll”

    “NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”

    “RtHDVCpl”=“RtHDVCpl.exe”

    “NeroFilterCheck”=“c:\program files\Common Files\Nero\Lib\NeroCheck.exe”

    “avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe”

    “BigDogPath323VMSnap”=“c:\windows\VMSnap23.exe”

    “BigDogPath323Domino”=“c:\windows\Domino.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    “QuickTime Task”=“c:\program files\QuickTime\QTTask.exe”

    “HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe”

    “hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe”

    “ZSSnp211”=“c:\windows\ZSSnp211.exe”

    “Domino”=“c:\windows\Domino.exe”

    “Skytel”=“Skytel.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “Family Tree Builder Update”=“c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe”

    “AVG_TRAY”=“c:\program files\AVG\AVG2012\avgtray.exe”

    “vProt”=“c:\program files\AVG Secure Search\vprot.exe”

    “Malwarebytes' Anti-Malware”=“c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe”

    “Malwarebytes' Anti-Malware (reboot)”=“c:\program files\Malwarebytes' Anti-Malware\mbam.exe”

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    .

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    “mixer1”=wdmaud.drv

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe

    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe

    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys

    R3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys

    R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys

    R3 ZSMC326;TD74 USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys

    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys

    S1 aswSP;avast! Self Protection;

    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys

    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys

    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe

    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

    S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

    S2 WTService;WTService;c:\windows\system32\atwtusb.exe

    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys

    .

    .

    bthsvcs REG_MULTI_SZ BthServ

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2011-09-06 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    .

    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2011-09-01 c:\windows\Tasks\Norton Security Scan for Froukje.job

    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://plasmoo.com

    uDefault_Search_URL = hxxp://www.google.com/ie

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to AMV Convert Tool… - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Free YouTube Download - c:\users\Froukje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    IE: Free YouTube to MP3 Converter - c:\users\Froukje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

    IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html

    TCP: DhcpNameServer = 172.19.3.1

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

    FF - ProfilePath - c:\users\Froukje\AppData\Roaming\Mozilla\Firefox\Profiles\4tymzvov.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd2a15101-9c90-4b2b-9ae5-565a23661155%7D&mid=9ac325eac9fc47d1a279d168c3e8b9c7-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=8.0.0.34&lang=nl&pr=fr&d=2011-09-05%2020%3A30%3A52&sap=ku&q=

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    BHO-{32B279E3-5023-4CD8-A295-70C79EDBB294} - c:\program files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

    Toolbar-{AB8DC1E0-22BE-4181-B77E-02C495E031F8} - c:\program files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

    WebBrowser-{AB8DC1E0-22BE-4181-B77E-02C495E031F8} - c:\program files\HyvesToolbar\Hyves Toolbar\tbcore3.dll

    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

    HKLM-Run-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe

    HKLM-Run-TrayServer - c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-09-06 15:37

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    .

    c:\users\Froukje\AppData\Local\Temp\catchme.dll 53248 bytes executable

    .

    Scan succesvol afgerond

    verborgen bestanden: 1

    .

    **************************************************************************

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    “datasecu”=hex:d8,62,4d,2c,2e,62,c5,b3,45,d2,71,22,d1,4d,3c,0b,73,c4,72,29,f9,

    ae,69,20,a7,9c,39,87,2a,63,a2,72,92,f6,56,6d,bb,1f,86,79,5b,ea,b2,67,d9,b9,\

    “rkeysecu”=hex:72,87,c0,5a,ab,87,f8,4c,47,9e,31,60,0e,82,21,05

    .

    Voltooingstijd: 2011-09-06 15:39:45

    ComboFix-quarantined-files.txt 2011-09-06 13:39

    .

    Pre-Run: 55.749.615.616 bytes beschikbaar

    Post-Run: 55.808.008.192 bytes beschikbaar

    .

    - - End Of File - - E9B6127C2A09A9B14F9F27CC984053C4

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:50:47, on 6-9-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Alwil Software\Avast4\ashDisp.exe

    C:\Windows\VMSnap23.exe

    C:\Windows\Domino.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Windows\System32\mobsync.exe

    C:\Windows\ZSSnp211.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\AVG\AVG2012\avgtray.exe

    C:\Program Files\AVG Secure Search\vprot.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\uTorrent\uTorrent.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

    C:\Users\Froukje\Desktop\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plasmoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: C:\Windows\VMSnap23.exe

    O4 - HKLM\..\Run: C:\Windows\Domino.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: C:\Windows\ZSSnp211.exe

    O4 - HKLM\..\Run: C:\Windows\Domino.exe

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe

    O4 - HKLM\..\Run: “C:\Program Files\AVG\AVG2012\avgtray.exe”

    O4 - HKLM\..\Run: “C:\Program Files\AVG Secure Search\vprot.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray

    O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe” /runcleanupscript

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: c:\recinfo\recinfo.exe

    O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background

    O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKCU\..\Run: “C:\Program Files\uTorrent\uTorrent.exe”

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: Free YouTube Download - C:\Users\Froukje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Froukje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

    O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

    End of file - 10000 bytes

    Regards, Corrie

  • Ben

    Hello Corrie.

    First disable Avast (bottom right of the taskbar).

    Then use the Avast removal tool HERE

    Download and install http://www.filehippo.com/download_ccleaner

    After installation, run the program with its default settings.

    First the Cleaner and then the Registry.

    When installing the latest CCleaner, Google Chrome is now (unfortunately) installed along with it.

    During installation you have to untick a checkbox so that Google Chrome is not installed.

    Then post a new HijackThis log and tell us how things stand with your problems.

    Ben


  • corrievisser

    Hello,

    Removing Avast isn't working; should I go ahead with the next step now?

    Regards, Corrie

  • Ben

    Hello Corrie,

    Start HJT again and choose Run as administrator (right-click, then Run as administrator) and tick the line below,

    O4 - HKCU\..\Run: c:\recinfo\recinfo.exe

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

    Close all open windows (except HijackThis), then click Fix checked.

    * Do you have full administrator rights? (If not, try these steps.)

    * Run the removal tool as administrator (right-click, then Run as administrator).

    * If that doesn't work, do this: http://www.websonic.nl/pctips/windowsvista/vista_administratoraccounterughalen.php

    Log in as administrator > Start > Control Panel > Programs > Uninstall a program > remove Avast there.

    * Once that is done, run CCleaner.

    * If this doesn't work, tell us where it gets stuck.

    * After this, post a new HijackThis log and tell us how things stand with your problems.

    Ben


  • corrievisser

    Hello,

    When removing Avast

    I get this message: The avast! self protection module is enabled for this reason, the operation cannot be completed

    and when uninstalling the program, this message: a setiface error has occurred:536870929 try to reinstall or contact support.

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - won't go away either.

  • Ben

    Hello Corrie,

    Try it in safe mode,

    http://translate.googleusercontent.com/translate_c?hl=nl&prev=/search%3Fq%3Da%2Bsetiface%2Berror%2Bhas%2Boccurred:536870929%2Btry%2Bto%2Breinstall%2Bor%2Bcontact%2Bsupport%26hl%3Dnl%26biw%3D1658%26bih%3D890%26prmd%3Divnsfd&rurl=translate.google.nl&sl=en&u=http://www.avast.com/uninstall-utility&usg=ALkJrhihsPAjVRvpvZp0hdUySXvHq586-Q

    Ben


  • corrievisser

    Hello Ben,

    I already tried this, but unfortunately it didn't work then either.

    Regards, Corrie

  • fazantje

    Hi Corrie,

    Try the following: Avast removal tool

    If this still doesn't work, reinstall Avast and then remove it again using its own uninstaller.

    In addition, do the following:

    Click HijackThis - click Main menu - click Open the Misc Tools section - click Open Uninstall Manager - click Save list.

    Now save it and post this list here, together with a new HijackThis log.

    Good luck,

    Huib ;)