johnbernhard

# AdwCleaner v3.003 - Report created 10/09/2013 at 19:43:44 # Updated 07/09/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 2 (32 bits) # Username : gebruiker - APPARTEMENT # Running from : C:\Documents and Settings\gebruiker\My Documents\Downloads\virus-malw-sw\adwcleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : winzipersvc ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon Folder Deleted : C:\Documents and Settings\All Users\Application Data\eSafe Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\WinZipper Folder Deleted : C:\Program Files\Desk 365 Folder Deleted : C:\Program Files\WinZipper Folder Deleted : C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\Desk365 Folder Deleted : C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\eIntaller Folder Deleted : C:\Documents and Settings\gebruiker\Application Data\DefaultTab Folder Deleted : C:\Documents and Settings\gebruiker\Application Data\DriverCure Folder Deleted : C:\Documents and Settings\gebruiker\Application Data\PerformerSoft Folder Deleted : C:\Documents and Settings\gebruiker\Application Data\utilitychest_49 Folder Deleted : C:\Documents and Settings\gebruiker\Application Data\WinZipper File Deleted : C:\Documents and Settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\sb1n8p7y.default\Extensions\addon@defaulttab.com.xpi File Deleted : C:\Documents and Settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\sb1n8p7y.default\\invalidprefs.js File Deleted : C:\Documents and Settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\sb1n8p7y.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\V9 Key Deleted : HKLM\Software\Default Tab Key Deleted : HKLM\Software\delta-homesSoftware Key Deleted : HKLM\Software\Desksvc Key Deleted : HKLM\Software\eSafeSecControl Key Deleted : HKLM\Software\TENCENT Key Deleted : HKLM\Software\V9 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab ***** [ Browsers ] ***** -\\ Internet Explorer v6.0.2900.2180 -\\ Mozilla Firefox v [ File : C:\Documents and Settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\sb1n8p7y.default\prefs.js ] Line Deleted : user_pref("extensions.delta.admin", false); Line Deleted : user_pref("extensions.delta.aflt", "babsst"); Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Line Deleted : user_pref("extensions.delta.autoRvrt", "false"); Line Deleted : user_pref("extensions.delta.dfltLng", "nl"); Line Deleted : user_pref("extensions.delta.excTlbr", false); Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true); Line Deleted : user_pref("extensions.delta.id", "20b7b2bf00000000000000121796d45c"); Line Deleted : user_pref("extensions.delta.instlDay", "15940"); Line Deleted : user_pref("extensions.delta.instlRef", "sst"); Line Deleted : user_pref("extensions.delta.newTab", false); Line Deleted : user_pref("extensions.delta.prdct", "delta"); Line Deleted : user_pref("extensions.delta.prtnrId", "delta"); Line Deleted : user_pref("extensions.delta.rvrt", "false"); Line Deleted : user_pref("extensions.delta.smplGrp", "none"); Line Deleted : user_pref("extensions.delta.tlbrId", "base"); Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", ""); Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6"); Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.616:39:58"); Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6"); Line Deleted : user_pref("extensions.delta_i.babExt", ""); Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119498&tsp=4983"); Line Deleted : user_pref("extensions.delta_i.srcExt", "ss"); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77fce6a5&ptnrS=ZOxpi000YY"); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", ""); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013062821"); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "ZOxpi000YY"); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", ""); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", false); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "undefined"); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", false); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", false); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", false); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", false); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.searchHistory", "Laetitia Griffith||norton antivirus||norton||govome verijderen||govome verwijderen"); Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "10001"); Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com"); ************************* AdwCleaner[R0].txt - [25350 octets] - [27/08/2013 22:35:27] AdwCleaner[s0].txt - [7168 octets] - [10/09/2013 19:43:44] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7228 octets] ########## zoals gezegd, lijkt hardnekkig probleem. ligt toch ergens in de algemen browser instellingen? - - - Updated - - - naast explorer ook via firefox niet bereikbaar.

uitgevoerd, geen verbetering, google nog niet bereikbaar,

helaas niet. via Yahoo gezocht. daarna aantal hits. bij aanklikken, error [h=2]Cannot find server or DNS Error Internet Explorer[/h]

de hostfile is aangepast. inhoudelijk ziet deze er nu veel groter uit. gr

dank voor de reactie. - java is geupdated - serv pack 3 kan ik nog niet installeren, wel geprobeerd - google wordt nog geblocked - ik mis wel de eerste drie regels in de Hijack This logfile gr John

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversie: v2013.09.09.06 Windows XP Service Pack 2 x86 NTFS Internet Explorer 6.0.2900.2180 gebruiker :: APPARTEMENT [administrator] 9-9-2013 19:54:34 mbam-log-2013-09-09 (19-54-34).txt Scan type: Volledige scan (C:\|D:\|E:\|) Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 278701 Verstreken tijd: 42 minuut/minuten, 40 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 15 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 2 HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.8.0 -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 5 C:\Documents and Settings\gebruiker\Application Data\SwvUpdater (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 18 C:\Documents and Settings\gebruiker\Application Data\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\14r3WKhW.exe.part (PUP.Optional.OneClickDownloader.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\xpo8qXtB.exe.part (PUP.Optional.Softonic) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\eeIYl2bk.exe.part (PUP.Optional.Installex) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\EHQsK6rQ.exe.part (PUP.Optional.Vid) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\amt_qvo6.exe (PUP.Optional.Elex) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\awh1E.tmp (PUP.Optional.Amonetize) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\6FdauVv3.exe.part (PUP.Optional.OneClickDownloader.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\tmp2013163352\setup__1117.exe (PUP.Optional.Amonetize) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\tmp2013163352\setup__2071.exe (PUP.Optional.Amonetize) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\eIntaller\0FF77E73548C4e6288B8777729014F99\Desk365.exe (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\B98EFA6A-BAB0-7891-A54E-BB52709D2542\BabMaint.exe (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\B98EFA6A-BAB0-7891-A54E-BB52709D2542\BUSolution.dll (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Mozilla Firefox\browser\searchplugins\qvo6.xml (PUP.Optional.qvo6.A) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\gebruiker\Local Settings\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties (PUP.Optional.DefaultTab.A) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) HijackThis Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 20:56:30, on 9-9-2013 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WinZipper\winzipersvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\WINDOWS\TEMP\BAB8F3.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\gebruiker\My Documents\Downloads\virus-malw-sw\hijack This\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files\WinZipper\winzipersvc.exe -- End of file - 6054 bytes

Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 15:13:54, on 6-9-2013 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) FIREFOX: 23.0.1 (en-US) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WinZipper\winzipersvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Desk 365\desk365.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\TEMP\FCCD47.EXE C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\gebruiker\My Documents\Downloads\HijackThis.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Delta Homes R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Advanced Web Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Homes O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Coupon-Matcher BHO - {F0B3FA34-C3B2-4B72-B8FE-A4148C2FA663} - C:\Program Files\CouponMatcher\1.1\Extension.dll O3 - Toolbar: Coupon-Matcher - {AC5183D8-28A9-4A36-850D-8C8846855EED} - C:\Program Files\CouponMatcher\1.1\Extension.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Desk 365] "C:\Program Files\Desk 365\desk365.exe" /autorun O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files\WinZipper\winzipersvc.exe O23 - Service: Wsys Service (WsysSvc) - Unknown owner - C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe (file missing) -- End of file - 7935 bytes mvg John Bernhard

Hallo allen, Ik kan google search niet meer openen. zowel niet met Firefox als wel Exporer. daarnaast kan ik geen enkele site meer openen als er in de url google voorkomt. het is begonnen met sites zoals govome en qv06 die constant er voor komen. ik heb van Norton internet security geinstalleerd. gr John