Ga naar inhoud

Veerle81

Lid
  • Items

    67
  • Registratiedatum

  • Laatst bezocht

Alles dat geplaatst werd door Veerle81

  1. Momenteel werken we gewoon met internet explorer. En het is sinds een aantal weken dat we niet meer op Hotmail geraken. Op die pc staat Windows XP
  2. Hallo, We kunnen via deze computer niet meer op hotmail geraken. Wanneer we het webadres intikken komen we terecht op een volledig wit blad. Vanonder staat dan "error on page". Op onze laptop hebben we geen problemen. Zou het kunnen dat dit komt omdat onze jongste zoon nogal hardhandig met het toetsenbord omgaat en dus een bepaalde toetsencombinatie heeft ingedrukt? Groetjes Veerle
  3. Super, véél beter! Dikke merci! Nog één klein vraagje, we zouden in de toekomst graag een nieuwe laptop kopen. Is er ergens op deze site te vinden waar je allemaal op moet letten? Bedankt!
  4. # AdwCleaner v2.011 - Logfile created 12/07/2012 at 09:46:51 # Updated 02/12/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Dell - XP01 # Boot Mode : Normal # Running from : C:\Documents and Settings\Dell\My Documents\Downloads\adwcleaner(1).exe # Option [Delete] ***** [services] ***** Stopped & Deleted : WebOptimizer ***** [Files / Folders] ***** Deleted on reboot : C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Deleted on reboot : C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Deleted on reboot : C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd File Deleted : C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\searchplugins\MyStart Search.xml File Deleted : C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\searchplugins\Web Search.xml File Deleted : C:\Documents and Settings\Dell\Desktop\Check for Updates.lnk File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\user.js Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder Folder Deleted : C:\Documents and Settings\Dell\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Dell\Application Data\BabylonToolbar Folder Deleted : C:\Documents and Settings\Dell\Application Data\incredibar.com Folder Deleted : C:\Documents and Settings\Dell\Application Data\Media Finder Folder Deleted : C:\Documents and Settings\Dell\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com Folder Deleted : C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\extensions\plugin@yontoo.com Folder Deleted : C:\Documents and Settings\Dell\Application Data\OpenCandy Folder Deleted : C:\Documents and Settings\Dell\Start Menu\Programs\FilesFrog Update Checker Folder Deleted : C:\Program Files\BabylonToolbar Folder Deleted : C:\Program Files\FilesFrog Update Checker Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Folder Deleted : C:\Program Files\Perion Folder Deleted : C:\Program Files\Web Assistant Folder Deleted : C:\Program Files\Yontoo Folder Deleted : C:\WINDOWS\system32\WNLT ***** [Registry] ***** Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\incredibar.com Key Deleted : HKCU\Software\MediaFinder Key Deleted : HKCU\Software\Microsoft\Babylon Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Somoto Key Deleted : HKCU\Software\Web Assistant Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\b Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler Key Deleted : HKLM\SOFTWARE\Classes\I Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Key Deleted : HKLM\SOFTWARE\Classes\MF Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\Software\incredibar.com Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker Key Deleted : HKLM\Software\Web Assistant Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (nl) Profile name : default File : C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\prefs.js C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\user.js ... Deleted ! Deleted : user_pref("browser.babylon.HPOnNewTab", "isearch.claro-search.com"); Deleted : user_pref("browser.search.defaultenginename", "Claro Search"); Deleted : user_pref("browser.search.order.1", "Claro Search"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true); Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://isearch.claro-search.com/?affID=114169&tt[...] Deleted : user_pref("extensions.claro.admin", false); Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1347889247400"); Deleted : user_pref("extensions.incredibar.admin", false); Deleted : user_pref("extensions.incredibar.aflt", "orgnl"); Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent"); Deleted : user_pref("extensions.incredibar.cntry", "BE"); Deleted : user_pref("extensions.incredibar.dfltLng", "EN"); Deleted : user_pref("extensions.incredibar.dfltSrch", false); Deleted : user_pref("extensions.incredibar.dfltlng", "EN"); Deleted : user_pref("extensions.incredibar.dfltsrch", "false"); Deleted : user_pref("extensions.incredibar.did", "10658"); Deleted : user_pref("extensions.incredibar.envrmnt", "production"); Deleted : user_pref("extensions.incredibar.excTlbr", false); Deleted : user_pref("extensions.incredibar.hdrMd5", "C8EE9955F83863C6C93005C6B47B7152"); Deleted : user_pref("extensions.incredibar.hmpg", false); Deleted : user_pref("extensions.incredibar.hrdid", "acdb185d0000000000000016761efc97"); Deleted : user_pref("extensions.incredibar.id", "acdb185d0000000000000016761efc97"); Deleted : user_pref("extensions.incredibar.installerproductid", "26"); Deleted : user_pref("extensions.incredibar.instlDay", "15552"); Deleted : user_pref("extensions.incredibar.instlRef", ""); Deleted : user_pref("extensions.incredibar.instlday", "15552"); Deleted : user_pref("extensions.incredibar.instlref", ""); Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false); Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false"); Deleted : user_pref("extensions.incredibar.keywordurl", ""); Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1420:51:47"); Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Deleted : user_pref("extensions.incredibar.newTab", false); Deleted : user_pref("extensions.incredibar.newtab", "false"); Deleted : user_pref("extensions.incredibar.newtaburl", ""); Deleted : user_pref("extensions.incredibar.noFFXTlbr", false); Deleted : user_pref("extensions.incredibar.ppd", ""); Deleted : user_pref("extensions.incredibar.prdct", "incredibar"); Deleted : user_pref("extensions.incredibar.productid", "26"); Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar"); Deleted : user_pref("extensions.incredibar.sg", "none"); Deleted : user_pref("extensions.incredibar.smplGrp", "none"); Deleted : user_pref("extensions.incredibar.smplgrp", "none"); Deleted : user_pref("extensions.incredibar.srch", ""); Deleted : user_pref("extensions.incredibar.srchprvdr", ""); Deleted : user_pref("extensions.incredibar.tlbrId", "base"); Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyJDqEG4q&loc=IB_T[...] Deleted : user_pref("extensions.incredibar.tlbrid", "base"); Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyJDqEG4q&loc=IB_T[...] Deleted : user_pref("extensions.incredibar.upn2", "6OyJDqEG4q"); Deleted : user_pref("extensions.incredibar.upn2n", "92261851587098490"); Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1420:51:47"); Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1420:51:47"); Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...] Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...] Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] -\\ Google Chrome v23.0.1271.95 File : C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Deleted [l.8] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=BE&userid=4603dff3-f264-4842-8[...] Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=BE&user[...] Deleted [l.381] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=BE&userid=4603dff3-f264-4842-80cb[...] Deleted [l.538] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=BE&userid=[...] ************************* AdwCleaner[R1].txt - [18299 octets] - [07/12/2012 09:46:30] AdwCleaner[s1].txt - [7165 octets] - [29/07/2012 18:49:21] AdwCleaner[s2].txt - [18082 octets] - [07/12/2012 09:46:51] ########## EOF - C:\AdwCleaner[s2].txt - [18143 octets] ##########
  5. Op facebook nog steeds heel wat ongewenste reclame. Of is dat nu weer iets nieuws dat ze doen? Ik herinner mij dat jullie eens iets gepost hebben over een testje dat je kon doen om te kijken of je virusscanner naar behoren werkt. Waar kan ik dat precies vinden? Groetjes en bedankt
  6. ComboFix 12-12-04.01 - Dell 04/12/2012 21:28:48.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.637 [GMT 1:00] Running from: c:\documents and settings\Dell\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Dell\My Documents\CFScript.txt AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 ))))))))))))))))))))))))))))))) . . 2012-12-04 19:55 . 2012-12-04 19:55 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{046D4044-9916-455C-800B-578C902354D1}\MpKslf0e824c6.sys 2012-12-03 16:59 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{046D4044-9916-455C-800B-578C902354D1}\mpengine.dll 2012-12-02 17:41 . 2012-12-02 17:41 -------- d-----w- c:\program files\directx 2012-12-02 16:37 . 2012-12-02 16:38 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix 2012-12-02 12:59 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-08 19:00 . 2012-11-08 19:24 -------- d-----w- C:\divx 2012-11-06 20:07 . 2012-11-07 16:11 -------- d-----w- c:\documents and settings\Dell\Application Data\Apple Computer 2012-11-06 20:04 . 2012-11-06 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2012-11-06 20:03 . 2012-11-06 20:03 -------- d-----w- c:\program files\Common Files\Apple 2012-11-06 20:02 . 2012-11-06 20:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Apple 2012-11-06 20:02 . 2012-11-06 20:02 -------- d-----w- c:\program files\Apple Software Update 2012-11-06 20:02 . 2012-11-06 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2012-11-06 20:02 . 2012-11-06 20:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Apple Computer 2012-11-06 19:47 . 2012-11-06 19:47 -------- d-----w- c:\documents and settings\Dell\Application Data\DDMSettings 2012-11-06 19:42 . 2012-11-08 18:59 -------- d-----w- c:\documents and settings\Dell\Application Data\DivX 2012-11-06 19:39 . 2012-11-06 19:41 -------- d-----w- c:\program files\Common Files\DivX Shared 2012-11-06 19:34 . 2012-11-06 19:42 -------- d-----w- c:\program files\DivX 2012-11-06 19:28 . 2012-11-06 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 08:37 . 2008-04-13 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-16 17:54 . 2012-10-16 17:54 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-16 17:54 . 2012-10-16 17:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-10-16 17:54 . 2010-07-02 14:01 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-02 18:04 . 2008-04-14 03:42 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-13 13:26 . 2012-09-15 06:31 1006448 ----a-w- c:\windows\system32\dmwu.exe 2012-09-13 13:24 . 2012-09-15 06:31 28160 ----a-w- c:\windows\system32\ImHttpComm.dll 2012-09-07 15:04 . 2012-10-11 13:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-28 18:10 . 2012-10-28 18:07 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SDP"="c:\program files\FilesFrog Update Checker\update_checker.exe" [2012-10-03 201808] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] . c:\documents and settings\Guest\Start Menu\Programs\Startup\ Internet.lnk - [N/A] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 08:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2012-08-21 06:54 5576408 ----a-w- c:\documents and settings\Dell\Application Data\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2012-08-21 06:53 1193176 ----a-w- c:\documents and settings\Dell\Application Data\Spotify\Data\SpotifyWebHelper.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\ExpressFiles\\expressdl.exe"= "c:\\Program Files\\ExpressFiles\\ExpressFiles.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Documents and Settings\\Dell\\Application Data\\Spotify\\spotify.exe"= "c:\\WINDOWS\\system32\\dmwu.exe"= "c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R1 MpKslf0e824c6;MpKslf0e824c6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{046D4044-9916-455C-800B-578C902354D1}\MpKslf0e824c6.sys [4/12/2012 20:55 29904] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 16:07 759048] R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [15/09/2012 7:31 1006448] S2 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [22/09/2012 13:11 100864] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [17/06/2011 18:33 237008] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSLF0E824C6 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-12-04 c:\windows\Tasks\Express FilesUpdate.job - c:\program files\ExpressFiles\EFUpdater.exe [2012-07-31 19:12] . 2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1417001333-1005Core.job - c:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-19 11:32] . 2012-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1417001333-1005UA.job - c:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-19 11:32] . 2012-12-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\documents and settings\Dell\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm TCP: DhcpNameServer = 195.130.130.5 195.130.131.5 FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.be/ FF - ExtSQL: 2012-10-16 19:54; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-11-06 20:42; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.claro.admin - false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-12-04 21:34 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2464) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-12-04 21:37:08 ComboFix-quarantined-files.txt 2012-12-04 20:37 ComboFix2.txt 2012-12-04 20:07 ComboFix3.txt 2012-12-02 13:55 . Pre-Run: 24.575.135.744 bytes free Post-Run: 24.560.001.024 bytes free . - - End Of File - - 0AF03CA544F34570623866448E4E625F
  7. Hier het gevraagde logje ComboFix 12-12-01.02 - Dell 02/12/2012 14:44:14.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.188 [GMT 1:00] Running from: c:\documents and settings\Dell\My Documents\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Incredibar.com c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe c:\program files\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 ))))))))))))))))))))))))))))))) . . 2012-12-02 13:31 . 2012-12-02 13:31 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54173A30-80F4-4A42-8608-B2EA337B5E99}\MpKsl6c47a38a.sys 2012-12-02 12:59 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54173A30-80F4-4A42-8608-B2EA337B5E99}\mpengine.dll 2012-11-30 19:22 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-08 19:00 . 2012-11-08 19:24 -------- d-----w- C:\divx 2012-11-06 20:07 . 2012-11-07 16:11 -------- d-----w- c:\documents and settings\Dell\Application Data\Apple Computer 2012-11-06 20:04 . 2012-11-06 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2012-11-06 20:03 . 2012-11-06 20:03 -------- d-----w- c:\program files\Common Files\Apple 2012-11-06 20:02 . 2012-11-06 20:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Apple 2012-11-06 20:02 . 2012-11-06 20:02 -------- d-----w- c:\program files\Apple Software Update 2012-11-06 20:02 . 2012-11-06 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2012-11-06 20:02 . 2012-11-06 20:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Apple Computer 2012-11-06 19:47 . 2012-11-06 19:47 -------- d-----w- c:\documents and settings\Dell\Application Data\DDMSettings 2012-11-06 19:42 . 2012-11-08 18:59 -------- d-----w- c:\documents and settings\Dell\Application Data\DivX 2012-11-06 19:39 . 2012-11-06 19:41 -------- d-----w- c:\program files\Common Files\DivX Shared 2012-11-06 19:34 . 2012-11-06 19:42 -------- d-----w- c:\program files\DivX 2012-11-06 19:28 . 2012-11-06 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2012-11-03 20:10 . 2012-11-03 20:10 -------- d-----w- c:\documents and settings\Dell\Application Data\Roxio . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 08:37 . 2008-04-13 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-16 17:54 . 2012-10-16 17:54 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-16 17:54 . 2012-10-16 17:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-10-16 17:54 . 2010-07-02 14:01 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-02 18:04 . 2008-04-14 03:42 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-13 13:26 . 2012-09-15 06:31 1006448 ----a-w- c:\windows\system32\dmwu.exe 2012-09-13 13:24 . 2012-09-15 06:31 28160 ----a-w- c:\windows\system32\ImHttpComm.dll 2012-09-07 15:04 . 2012-10-11 13:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-28 18:10 . 2012-10-28 18:07 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SDP"="c:\program files\FilesFrog Update Checker\update_checker.exe" [2012-10-03 201808] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] . c:\documents and settings\Guest\Start Menu\Programs\Startup\ Internet.lnk - [N/A] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 08:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2012-08-21 06:54 5576408 ----a-w- c:\documents and settings\Dell\Application Data\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2012-08-21 06:53 1193176 ----a-w- c:\documents and settings\Dell\Application Data\Spotify\Data\SpotifyWebHelper.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\ExpressFiles\\expressdl.exe"= "c:\\Program Files\\ExpressFiles\\ExpressFiles.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Documents and Settings\\Dell\\Application Data\\Spotify\\spotify.exe"= "c:\\WINDOWS\\system32\\dmwu.exe"= "c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R1 MpKsl6c47a38a;MpKsl6c47a38a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54173A30-80F4-4A42-8608-B2EA337B5E99}\MpKsl6c47a38a.sys [2/12/2012 14:31 29904] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 16:07 759048] R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [15/09/2012 7:31 1006448] S2 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [22/09/2012 13:11 100864] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [17/06/2011 18:33 237008] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL6C47A38A . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-12-02 c:\windows\Tasks\Express FilesUpdate.job - c:\program files\ExpressFiles\EFUpdater.exe [2012-07-31 19:12] . 2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1417001333-1005Core.job - c:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-19 11:32] . 2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1417001333-1005UA.job - c:\documents and settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-19 11:32] . 2012-12-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\documents and settings\Dell\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm TCP: DhcpNameServer = 195.130.130.5 195.130.131.5 FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxp://google.be/ FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=BE&userid=4603dff3-f264-4842-80cb-da4c58e9d79d&affid=111585&searchtype=ds&babsrc=lnkry&q= FF - ExtSQL: 2012-10-16 19:54; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-11-06 20:42; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - user.js: extentions.y2layers.installId - c348c3e2-1102-49d2-a7af-da41c6bc5a13 FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJDqEG4q&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - acdb185d0000000000000016761efc97 FF - user.js: extensions.incredibar_i.instlDay - 15552 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:51 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyJDqEG4q FF - user.js: extensions.incredibar_i.upn2n - 92261851587098490 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10658 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=3112_1 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q= FF - user.js: extensions.BabylonToolbar.id - acdb185d0000000000000016761efc97 FF - user.js: extensions.BabylonToolbar.instlDay - 15552 FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1 FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.121:04 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.claro.id - acdb185d0000000000000016761efc97 FF - user.js: extensions.claro.instlDay - 15552 FF - user.js: extensions.claro.vrsn - 1.6.4.1 FF - user.js: extensions.claro.vrsni - 1.6.4.1 FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.121:12 FF - user.js: extensions.claro.prtnrId - claro FF - user.js: extensions.claro.prdct - claro FF - user.js: extensions.claro.aflt - babsst FF - user.js: extensions.claro_i.smplGrp - none FF - user.js: extensions.claro.tlbrId - iclaro FF - user.js: extensions.claro.instlRef - sst FF - user.js: extensions.claro.dfltLng - en FF - user.js: extensions.claro.excTlbr - false FF - user.js: extensions.claro.admin - false . - - - - ORPHANS REMOVED - - - - . AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-12-02 14:53 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2012-12-02 14:55:49 ComboFix-quarantined-files.txt 2012-12-02 13:55 . Pre-Run: 24.900.747.264 bytes free Post-Run: 25.682.010.112 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - FC0F15B35865CBF55A0ABEDD557A11D2
  8. Zouden jullie nog eens dit Hijackthis logje kunnen controleren aub? De ongewenste reclame swingt hier weer de pan uit! Dikke merci! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:46:00, on 1/12/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\WINDOWS\system32\hkcmd.exe C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE C:\Program Files\FilesFrog Update Checker\update_checker.exe C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dmwu.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Dell\My Documents\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [EPSON SX420W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\WINDOWS\TEMP\E_SDD.tmp" /EF "HKCU" O4 - HKCU\..\Run: [sDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe /auto O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Dell\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342698343578 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Freemake Improver - Freemake - C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: WebOptimizer - Unknown owner - C:\WINDOWS\system32\dmwu.exe -- End of file - 7202 bytes
  9. Mijn man heeft het ondertussen weg gekregen met de c cleaner. Maar misschien toch niet slecht ook dat logje eens door te zenden. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:48:05, on 6/11/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE C:\Program Files\FilesFrog Update Checker\update_checker.exe C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dmwu.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\Dell\My Documents\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:?body=https%3A%2F%2Fwww.koopgoedkoop.nl%2Fextendedcategory%2Fcategory%2Fview%2Fid%2F337&subject=Salontafel O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [EPSON SX420W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\WINDOWS\TEMP\E_SDD.tmp" /EF "HKCU" O4 - HKCU\..\Run: [sDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe /auto O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Dell\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342698343578 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Freemake Improver - Freemake - C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: WebOptimizer - Unknown owner - C:\WINDOWS\system32\dmwu.exe -- End of file - 6974 bytes
  10. Hallo, Sinds vandaag hebben we reclame van "page rage ad" links op onze facebookpagina, maar ook tussen de statussen van andere mensen. Het gaat telkens over sites die we onlangs bezocht hebben. Ik vind dit super vervelend want dat staat daar maar te flikkeren. Hoe krijg ik dit weg en hoe komt dit op mijn pc? Groetjes Veerle81
  11. Dat heb ik nu gedaan, er stond inderdaad iets bij van MyStart / Incredibar. Ik heb het afgevinkt en uitgeschakeld maar het is er nog steeds Heel vreemd eigenlijk, als we onze internet aansteken komt het terecht op Google, maar alle andere nieuwe tabbladen op Mystart
  12. Voorlopig is het nog niet weg. Hier de logjes... Malwarebytes Anti-Malware 1.65.0.1400 Malwarebytes : Free anti-malware download Databaseversie: v2012.10.11.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Dell :: XP01 [administrator] 11/10/2012 15:30:37 mbam-log-2012-10-11 (15-30-37).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 265649 Verstreken tijd: 21 minuut/minuten, 55 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 1 HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd. Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:36:50, on 11/10/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dmwu.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Dell\My Documents\Downloads\HijackThis.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:monique.vancoppenolle@ocmw.ichtegem.be O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [EPSON SX420W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\WINDOWS\TEMP\E_SDD.tmp" /EF "HKCU" O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Dell\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342698343578 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Freemake Improver - Freemake - C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: WebOptimizer - Unknown owner - C:\WINDOWS\system32\dmwu.exe -- End of file - 6718 bytes
  13. Hallo, Telkens als we een nieuw tabblad willen openen, komt die terecht op mystart incredibar ipv Google. Hoe krijgen we dit weg? Ik heb alvast een HiJackThislogje toegevoegd... Groetjes Veerle Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:34:51, on 9/10/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Web Assistant\ExtensionUpdaterService.exe C:\WINDOWS\system32\dmwu.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\Dell\My Documents\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=BE&userid=4603dff3-f264-4842-80cb-da4c58e9d79d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=BE&userid=4603dff3-f264-4842-80cb-da4c58e9d79d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=BE&userid=4603dff3-f264-4842-80cb-da4c58e9d79d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=BE&userid=4603dff3-f264-4842-80cb-da4c58e9d79d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:monique.vancoppenolle@ocmw.ichtegem.be O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\Dell\APPLIC~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray O4 - HKCU\..\Run: [EPSON SX420W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\WINDOWS\TEMP\E_SDD.tmp" /EF "HKCU" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe -update plugin O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Dell\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342698343578 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Freemake Improver - Freemake - C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: WebOptimizer - Unknown owner - C:\WINDOWS\system32\dmwu.exe -- End of file - 9300 bytes
  14. En alweer geweldig goed door jullie geholpen. Bedankt!
  15. Mag ik terwijl eens vragen hoe je die msn messenger uitschakeld zodat die niet steeds opengaat als je de pc aansteekt? We gebruiken dat eigenlijk niet # AdwCleaner v1.703 - Logfile created 07/29/2012 at 19:49:21 # Updated 20/07/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Dell - XP01 # Running from : C:\Documents and Settings\Dell\My Documents\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\Dell\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\extensions\ffxtlbr@babylon.com Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112542&tt=3012_2&babsrc=NT_ss&mntrId=acdb185d0000000000000016761efc97 --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (nl) Profile name : default File : C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\prefs.js C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\9vazlijc.default\user.js ... Deleted ! Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112542&tt=3012_2&babsrc=NT_ss&mntr[...] Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)"); Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=112542&tt=3012_2"); Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt"); Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack"); Deleted : user_pref("extensions.BabylonToolbar.bbdpng", 29); Deleted : user_pref("extensions.BabylonToolbar.cntry", "BE"); Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en"); Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false"); Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production"); Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false); Deleted : user_pref("extensions.BabylonToolbar.firstrun", false); Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "46F822F83994A14BDA9AD2B73B2639F8"); Deleted : user_pref("extensions.BabylonToolbar.hmpg", false); Deleted : user_pref("extensions.BabylonToolbar.hrdid", "acdb185d0000000000000016761efc97"); Deleted : user_pref("extensions.BabylonToolbar.id", "acdb185d0000000000000016761efc97"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15548"); Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar.instlday", "15548"); Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst"); Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false"); Deleted : user_pref("extensions.BabylonToolbar.keywordurl", ""); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.29.122:41:30"); Deleted : user_pref("extensions.BabylonToolbar.lastdp", 29); Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0"); Deleted : user_pref("extensions.BabylonToolbar.newTab", true); Deleted : user_pref("extensions.BabylonToolbar.newtab", true); Deleted : user_pref("extensions.BabylonToolbar.newtaburl", ""); Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1"); Deleted : user_pref("extensions.BabylonToolbar.sg", "none"); Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "none"); Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss"); Deleted : user_pref("extensions.BabylonToolbar.srch", ""); Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", ""); Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q="); Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "base"); Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://www.google.com/search?babsrc=TB_ggl&q="); Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1"); Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.29.122:41:30"); Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1"); Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.5.29.122:41:30"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=3012_2"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true); Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112542&tt=3012_[...] Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.122:41:30"); Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.5.0,{972ce4c6-7e08-4474-a285-3208198ce6[...] Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=acdb185d0000000000000016761[...] -\\ Google Chrome v20.0.1132.57 File : C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Deleted : "homepage": "hxxp://search.babylon.com/?affID=112542&tt=3012_2&babsrc=HP_ss&mntrId=acdb185d000000[...] Deleted : "session": {"restore_on_startup": 4, "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?[...] ************************* AdwCleaner[s1].txt - [7036 octets] - [29/07/2012 19:49:21] ########## EOF - C:\AdwCleaner[s1].txt - [7164 octets] ##########
  16. Bij deze... Merci!!! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:16:00, on 29/07/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Dell\My Documents\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Dell\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342698343578 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 5706 bytes
  17. Mijn man heeft het al weggekregen Zend ik toch nog best eens een logje door? Groetjes
  18. Hallo, We hebben een nieuwe (tweedehandse) computer gekocht via het werk van mijn vader. Nu staat daar zo'n ongewenste zoekbalk vanboven die ik er liever niet op had. Kunnen jullie helpen om die eraf te smijten? Ik weet niet of dit bericht op de goede plaats in het forum staat? Merci!
  19. Puf! Dat was niet gemakkelijk om op te lossen zeg! Heel erg bedankt voor jullie hulp!!!!!!!!!
  20. Geen afzonderlijke profielen. Vreemd hé? Maar het is wel gelukt door firefox opnieuw te downloaden! Hoera! Al versta ik niet hoe dit nu allemaal is gekomen, hoe kwam ik aan die malware en hoe komt het dat mijn virusscanner die niet heeft opgepikt?
  21. We gebruiken allebei firefox. Maar heb het nu eens geprobeerd met explorer en daar gaat het wel?!?
  22. Heel raar maar bij de buren lukt het wel. Ik heb nochtans een goed beveiligde facebook (dacht ik) met een ingewikkeld paswoord
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.