Gentlemen, I (or actually Rudi) think a cleanup is needed

  • goudlokje

    I received a very dubious email today. In my innocence I wanted to forward it to Rudi. That didn't work, by the way. Rudi ran Mbam on my laptop and it turned up 9 infections, which he removed. We went through the whole step-by-step plan, and here are the requested logs (I also still have the log for those 9, by the way).

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:16:15, on 7-8-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\DYMO\DYMO Label Software\DLSService.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\IncrediMail\Bin\IncMail.exe

    C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Windows\system32\RunDll32.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SqlMangr.exe

    C:\Windows\System32\mobsync.exe

    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

    C:\Program Files\IncrediMail\bin\IMApp.exe

    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

    C:\Windows\system32\conime.exe

    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Safari\Safari.exe

    C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

    C:\Users\Renate\Downloads\HijackThis.exe

    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227982

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: appbario8 Toolbar - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files\appbario8\prxtbappb.dll

    O2 - BHO: appbario8 - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files\appbario8\prxtbappb.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

    O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"

    O4 - HKLM\..\Run: KHALMNPR.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: C:\Program Files\IncrediMail\bin\IncMail.exe /c

    O4 - HKCU\..\Run: "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk = ?

    O4 - Startup: Service Manager.lnk = ?

    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O11 - Options group: Accelerated graphics

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O20 - AppInit_DLLs: c:\progra~2\sideki~1\22513~1.159\{6f06c~1\sskmngr.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Sidekick Manager - Unknown owner - C:\ProgramData\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.exe

    O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    End of file - 11437 bytes

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Databaseversie: v2012.08.07.04

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Renate :: PC_VAN_RENATE

    7-8-2012 13:53:53

    mbam-log-2012-08-07 (13-53-53).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 221543

    Verstreken tijd: 18 minuut/minuten, 20 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Many thanks in advance

  • goudlokje

    By the way, I can no longer get into my Hotmail. A popup keeps appearing with "User Account Control, your permission is needed … ssvagent.exe Oracle America, inc."

    I click: Continue, but that gets me nowhere. The popup keeps coming back.

  • Jos H

    Then post the Mbam log that lists the removals here.

    That may give some clues.

  • goudlokje

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Databaseversie: v2012.08.07.03

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Renate :: PC_VAN_RENATE

    7-8-2012 12:28:20

    mbam-log-2012-08-07 (12-28-20).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 221082

    Verstreken tijd: 11 minuut/minuten, 52 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 15

    HKCR\CrossriderApp0005060.BHO (PUP.CrossFire.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\CrossriderApp0005060.BHO.1 (PUP.CrossFire.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\CrossriderApp0005060.FBApi (PUP.CrossFire.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\CrossriderApp0005060.FBApi.1 (PUP.CrossFire.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\CrossriderApp0005060.Sandbox (PUP.CrossFire.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\CrossriderApp0005060.Sandbox.1 (PUP.CrossFire.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\Software\Cr_Installer\5060 (Adware.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\CLSID\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\TypeLib\{44444444-4444-4444-4444-440044504460} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\Interface\{55555555-5555-5555-5555-550055505560} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1

    HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Data: Savings Sidekick -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1

    C:\Program Files\Savings Sidekick\Savings Sidekick.dll (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  • fazantje

    Hi Goudlokje,

    How do you manage it every time :S

    Uninstall, via Start - This Computer (C) - Control Panel - Programs and Features, the following items if present:

    Conduit

    appbario8

    Do the following:

    Download combofix.exe here.

    Now disable your virus scanner.

    You do this at the bottom right of your taskbar.

    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.

    Once the Recovery Console is installed, let ComboFix scan the computer.

    When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".

    Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.

    If you get this message, report it.

    When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.

    Be patient and don't think the scanner has gone haywire.

    Post the contents of this file together with a new HijackThis log.

    Good luck,

    Huib ;)

  • goudlokje

    If only I knew! ;)

    ComboFix 12-08-07.03 - Renate 07-08-2012 19:05:39.5.2 - x86

    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3002.1284

    Gestart vanuit: c:\users\Renate\Downloads\ComboFix-1.exe

    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2 .lnk

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome.manifest

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\background.html

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\browser.xul

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossrider.js

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossriderapi.js

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\dialog.js

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\lib\faye-browser-min.js

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\manage-apps-style.css

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\manage-apps.html

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\messaging.js

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.js

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.xul

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\push.html

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\search_dialog.xul

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\chrome\content\update.html

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\defaults\preferences\prefs.js

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\install.rdf

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\locale\en-US\translations.dtd

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\button1.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\button2.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\button3.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\button4.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\button5.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\crossrider_statusbar.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\icon128.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\icon16.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\icon24.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\icon48.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\panelarrow-up.png

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\popup.css

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\popup.html

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\popup_binding.xml

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\skin.css

    c:\users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\017eu938.default\extensions\crossriderapp5060@crossrider.com\skin\update.css

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-07 to 2012-08-07 ))))))))))))))))))))))))))))))

    .

    .

    2012-08-07 17:36 . 2012-08-07 17:36 -------- d-----w- c:\users\Public\AppData\Local\temp

    2012-08-07 17:36 . 2012-08-07 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-08-07 17:36 . 2012-08-07 17:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2012-08-07 14:14 . 2012-08-07 14:14 -------- d-----w- c:\windows\system32\drivers\NSS

    2012-08-07 14:14 . 2012-08-07 14:14 -------- d-----w- c:\program files\Norton Security Scan

    2012-08-07 14:14 . 2012-08-07 14:14 -------- d-----w- c:\windows\Sidekick Manager

    2012-08-07 14:14 . 2012-08-07 14:14 -------- d-----w- c:\windows\searchplugins

    2012-08-07 10:46 . 2012-08-07 10:46 -------- d-----w- c:\windows\system32\Extensions

    2012-08-03 13:59 . 2012-08-03 13:59 9827016 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

    2012-07-27 11:32 . 2012-07-27 11:32 -------- d-----w- c:\programdata\VirtualizedApplications

    2012-07-27 08:59 . 2012-07-27 08:59 -------- dc----r- C:\MSOCache

    2012-07-27 08:54 . 2012-07-27 08:54 -------- d-----w- c:\users\Renate\Sidekick Manager

    2012-07-27 08:54 . 2012-07-27 08:54 -------- d-----w- c:\users\Renate\searchplugins

    2012-07-27 08:53 . 2012-07-27 08:53 -------- d-----w- c:\programdata\IBUpdaterService

    2012-07-27 08:53 . 2012-07-27 08:47 666272 ----a-w- c:\program files\Uninstall Information\ib_uninst_514\uninstall.exe

    2012-07-27 08:52 . 2012-07-27 08:52 -------- d-----w- c:\program files\Conduit

    2012-07-27 08:52 . 2012-07-27 08:47 666272 ----a-w- c:\program files\Uninstall Information\ib_uninst_540\uninstall.exe

    2012-07-27 08:52 . 2012-07-27 08:47 666272 ----a-w- c:\program files\Uninstall Information\ib_uninst_555\uninstall.exe

    2012-07-27 08:51 . 2012-07-27 08:51 -------- d-----w- c:\windows\system32\Sidekick Manager

    2012-07-27 08:51 . 2012-07-27 08:51 -------- d-----w- c:\windows\system32\searchplugins

    2012-07-27 08:51 . 2012-07-27 08:51 -------- d-----w- c:\programdata\Sidekick Manager

    2012-07-27 08:50 . 2012-07-27 08:50 -------- d-----w- c:\users\Renate\AppData\Local\Savings Sidekick

    2012-07-27 08:50 . 2012-08-07 10:41 -------- d-----w- c:\program files\Savings Sidekick

    2012-07-27 08:50 . 2012-07-27 08:50 -------- d-----w- c:\users\Renate\AppData\Local\SoftGrid Client

    2012-07-27 08:50 . 2012-08-07 11:06 -------- d-----w- c:\users\Renate\AppData\Roaming\SoftGrid Client

    2012-07-27 08:48 . 2012-07-27 08:48 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

    2012-07-27 08:47 . 2012-08-07 11:13 -------- d-----w- c:\users\Renate\AppData\Roaming\TP

    2012-07-19 12:22 . 2012-07-19 12:22 -------- d-----w- c:\users\Administrator\AppData\Local\Apple

    2012-07-13 09:59 . 2012-07-13 09:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\OpenOffice.org

    2012-07-12 10:38 . 2012-07-12 10:38 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe

    2012-07-12 01:09 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

    2012-07-11 20:48 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

    2012-07-11 20:48 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

    2012-07-11 20:48 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

    2012-07-11 20:48 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2012-07-11 20:48 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

    2012-07-11 20:48 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-03 13:59 . 2012-04-28 12:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-03 13:59 . 2011-08-17 14:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-03 11:46 . 2010-10-30 10:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-02 22:19 . 2012-06-21 05:30 53784 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-21 05:30 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-21 05:29 35864 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-21 05:29 577048 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:19 . 2012-06-21 05:30 1933848 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:12 . 2012-06-21 05:30 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:12 . 2012-06-21 05:29 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 13:19 . 2012-06-21 05:29 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 13:12 . 2012-06-21 05:29 33792 ----a-w- c:\windows\system32\wuapp.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe"

    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe"

    "DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe"

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe"

    .

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"

    "QPService"="c:\program files\HP\QuickPlay\QPService.exe"

    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe"

    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe"

    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe"

    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe"

    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe"

    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe"

    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"

    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe"

    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe"

    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE"

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe"

    .

    c:\users\Renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk - c:\windows\system32\RunDll32.exe

    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\SqlMangr.exe

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe

    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    .

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    "AppInit_DLLs"=c:\progra~2\SIDEKI~1\22513~1.159\{6F06C~1\sskmngr.dll

    "LoadAppInit_DLLs"=1 (0x1)

    .

    @="Driver"

    .

    path=

    backup=c:\windows\pss\OpenOffice.org 3.2 .lnk.Startup

    backupExtension=.Startup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence

    .

    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    2008-05-20 13:09 2830848 ----a-w- c:\program files\Ares Ultra\Ares Ultra.exe

    .

    2008-05-20 13:09 2830848 ----a-w- c:\program files\Ares Ultra\Ares Ultra.exe

    .

    2011-10-09 17:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - MBAMPROTECTOR

    .

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    ezSharedSvc

    .

    2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-08-07 c:\windows\Tasks\HP Photo Creations Messager.job

    - c:\programdata\HP Photo Creations\MessageCheck.exe

    .

    2012-08-07 c:\windows\Tasks\HPCeeScheduleForRenate.job

    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe

    .

    2012-08-07 c:\windows\Tasks\Norton Security Scan for Renate.job

    - c:\progra~1\NORTON~4\Engine\372~1.5\Nss.exe

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    mStart Page = hxxp://alawar.co.nl

    mLocal Page =

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

    .

    - - - - ORPHANS REMOVED - - - -

    .

    URLSearchHooks-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file)

    Toolbar-10 - (no file)

    WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file)

    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-08-07 19:39

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    .

    c:\users\Renate\AppData\Local\Temp\catchme.dll 53248 bytes executable

    .

    scan completed successfully

    hidden files: 1

    .

    **************************************************************************

    .

    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2012-08-07 19:50:53

    ComboFix-quarantined-files.txt 2012-08-07 17:50

    ComboFix2.txt 2011-09-22 20:13

    .

    Pre-Run: 117.399.003.136 bytes free

    Post-Run: 117.526.077.440 bytes free

    .

    - - End Of File - - A032F391990767EE236EF8ADD573C2D6

    HJT follows shortly!!

  • goudlokje

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:58:31, on 7-8-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\DYMO\DYMO Label Software\DLSService.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\IncrediMail\Bin\IncMail.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SqlMangr.exe

    C:\Windows\System32\mobsync.exe

    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

    C:\Program Files\IncrediMail\bin\IMApp.exe

    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Windows Media Player\wmplayer.exe

    C:\ProgramData\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.exe

    C:\Windows\system32\conime.exe

    C:\Windows\explorer.exe

    C:\Program Files\Safari\Safari.exe

    C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

    C:\Users\Renate\Downloads\HijackThis-1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"

    O4 - HKLM\..\Run: KHALMNPR.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

    O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: C:\Program Files\IncrediMail\bin\IncMail.exe /c

    O4 - HKCU\..\Run: "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 3050A J611 series.lnk = ?

    O4 - Startup: Service Manager.lnk = ?

    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra ‘Tools’ menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O11 - Options group: Accelerated graphics

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O20 - AppInit_DLLs: c:\PROGRA~2\SIDEKI~1\22513~1.159\{6F06C~1\sskmngr.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Sidekick Manager - Unknown owner - C:\ProgramData\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    End of file - 10787 bytes
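    The ComboFix and HijackThis logs above enumerate the classic Windows autostart locations: the HKLM/HKCU Run keys (HijackThis O4), the per-user and all-users Startup folders, AppInit_DLLs with LoadAppInit_DLLs (O20), services (O23) and the *.job files in C:\Windows\Tasks. The PowerShell script below is an added example, not part of the original thread and not code from ComboFix or HijackThis; it reads those same locations with built-in cmdlets so a helper can re-check a machine after cleanup without either tool. It assumes Windows Vista or later with Windows PowerShell run from an elevated prompt; the function and column names are the example's own, and the final filter on ProgramData, AppData and Temp paths is a triage heuristic (it would surface the sskmngr.exe service and AppInit_DLLs entry from the logs above), not a verdict on any entry.

```powershell
# Added example, not part of the original thread or of ComboFix/HijackThis.
# Assumption: Windows Vista or later, Windows PowerShell, elevated prompt.
# Lists the autostart locations that the ComboFix and HijackThis logs report.

function Get-RunKeyEntries {
    # HKLM\..\Run and HKCU\..\Run (HijackThis "O4" lines)
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # skip the provider metadata properties that Get-ItemProperty adds
            if ($p.Name -cmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
            New-Object PSObject -Property @{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-StartupFolderEntries {
    # per-user and all-users Startup folders (the two "Startup\" blocks in the ComboFix log)
    $folders = @(
        (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($f in $folders) {
        if (-not (Test-Path $f)) { continue }
        Get-ChildItem -Path $f -Filter *.lnk | ForEach-Object {
            # resolve the .lnk to its target so the real executable is shown
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            New-Object PSObject -Property @{ Location = $f; Name = $_.Name; Command = $target }
        }
    }
}

function Get-AppInitDlls {
    # Every DLL in AppInit_DLLs is loaded into each process that links user32.dll
    # while LoadAppInit_DLLs is 1 (ComboFix "AppInit_DLLs", HijackThis "O20").
    $key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    $v = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        Location = $key
        Name     = 'AppInit_DLLs (LoadAppInit_DLLs=' + $v.LoadAppInit_DLLs + ')'
        Command  = $v.AppInit_DLLs
    }
}

function Get-NonWindowsServices {
    # services whose binary lives outside the Windows directory (HijackThis "O23")
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.PathName -and ($_.PathName -notmatch '\\Windows\\') } |
        ForEach-Object {
            New-Object PSObject -Property @{ Location = 'Service'; Name = $_.Name; Command = $_.PathName }
        }
}

function Get-LegacyTaskJobs {
    # *.job files in C:\Windows\Tasks (the "Scheduled Tasks" folder in the ComboFix log)
    $dir = Join-Path $env:windir 'Tasks'
    Get-ChildItem -Path $dir -Filter *.job -ErrorAction SilentlyContinue | ForEach-Object {
        New-Object PSObject -Property @{ Location = $dir; Name = $_.Name; Command = $_.LastWriteTime }
    }
}

$all = @(Get-RunKeyEntries) + @(Get-StartupFolderEntries) + @(Get-AppInitDlls) +
       @(Get-NonWindowsServices) + @(Get-LegacyTaskJobs)

# Full inventory, then the entries that run from user-writable drop locations.
$all | Sort-Object Location, Name | Format-Table -AutoSize Location, Name, Command
"--- entries running from ProgramData, AppData or Temp ---"
$all | Where-Object { "$($_.Command)" -match 'ProgramData|AppData|Temp' } |
    Format-Table -AutoSize Location, Name, Command
```

    The second table is where a helper starts reading: legitimate vendor software normally installs under Program Files or Windows, so an autostart entry, AppInit DLL or service binary under ProgramData, AppData or Temp is worth identifying before anything is removed.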

  • goudlokje

    Hotmail is working properly again, and so is IE (I hadn't reported that one yet)

  • fazantje

    Hi Renate,

    I'm just going through everything now.

    One moment.

    Regards, Huib ;)

  • fazantje

    Hi Renate,

    Download OTC exe here, to remove combo completely again.

    Place the file on your desktop.

    Make sure there is an internet connection.

    Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.

    If that doesn't work, double-click the icon.

    Now click the "CleanUp!" button

    If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.

    Finally, OTC will ask whether you want to restart the computer; you may allow this, as that is how it removes itself as well.

    Also delete your old restore points. If you don't know how, Rudi will ;)

    Now we are going to do some more cleaning;

    Carry out steps 5 and 6 of our cleanup plan.

    Let us know how it went.

    Regards, Huib ;)

This topic is closed; no further replies can be posted.