
MarijeV
-
It worked, thank you very much for your help!
-
The PC seems to be running faster again; I have not had any more trouble from the virus either. Here are the logs:
-
I could not get the Recovery Console installed; it fails, even though I have AVG set to temporarily disabled. Log:
-
Here is the log to start with:
{B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- End of file - 9693 bytes
-
Unfortunately, my mother also got the police virus on her PC this past weekend. After a system restore the 'police' message no longer appears, but the PC is slower, so I would still like to ask for your help. What should I do? First make a HijackThis log and post it? Thanks in advance!
