WheeledWarrior

All content posted by WheeledWarrior

  1. After running AdwCleaner, this is the log file:
  2. As far as I can see, only a 'Disk Antivirus' directory remains in the program list under the Start menu. No more pop-ups, and the icon on the desktop/taskbar has disappeared.
  3. Thanks kape, in the meantime it did work out with the new Java; I was running in safe mode and it didn't work at first. The old Java has now been removed and the new one installed. I think I can skip the CCleaner step now?
  4. When trying to remove the old Java software, it reports 'cannot access the Windows Installer service'. Possibly a consequence of earlier system crashes? Can I install the new Java now, or won't that work?
  5. Thank you, Smeenk! This is the log:
  6. Which options should I tick? Or should I tick none at all this time?
  7. Ran Zoek.exe, this is the log:
Antivirus.lnk - C:\Windows\System32\msiexec.exe /x {fc8208f2-b1c1-4253-9e89-d518e983b7bb} /qf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk - C:\Program Files\DAEMON Tools Lite\DT.gadget C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - C:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\DOSBox 0.74 Manual.lnk - C:\Program Files\DOSBox-0.74\Documentation\README.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\DOSBox 0.74.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -userconf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\DOSBox 0.74 (noconsole).lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -noconsole -userconf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Screenshots & Recordings.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -opencaptures explorer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Uninstall.lnk - C:\Program Files\DOSBox-0.74\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Video\Install movie codec.lnk - C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\DOSBox-0.74\Video Codec\zmbv.inf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Video\Video instructions.lnk - C:\Program Files\DOSBox-0.74\Video Codec\Video Instructions.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\DOSBox 0.74 Options.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -editconf notepad.exe -editconf "C:\Windows\system32\notepad.exe" -editconf "C:\Windows\notepad.exe" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\Reset KeyMapper.lnk - C:\Program 
Files\DOSBox-0.74\DOSBox.exe -erasemapper C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\Reset Options.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -eraseconf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ==== shortcuts in Quick Launch ====================== C:\Users\Joost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk - C:\Program Files\Vuze\Azureus.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Joost\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
  8. Updated and ran MBAM, but while removing the infected files (11 of them) it freezes, so it does not save a log. Here is a new HijackThis log, though: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:40:51, on 14-3-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19400) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Users\Joost\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Ad-Aware Antivirus] 
"C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" O4 - HKLM\..\Run: [sBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-HKR65.exe" /REG /REGSVRMODE O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program 
Files\Ad-Aware Antivirus\AdAwareService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- End of file - 7824 bytes
  9. Hello everyone, Since last night I have had a rogue antivirus program on my laptop: Disk Antivirus Professional. I now keep getting pop-ups with fake virus alerts, and various programs no longer work (properly). HijackThis log below. Hopefully someone can help me further. Thanks! ------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:10:23, on 14-3-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19400) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Users\Joost\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 
5.0\aoltb.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" O4 - HKLM\..\Run: [sBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\RunOnce: [14CB5A805DC420F8000014CB45BC2808] C:\ProgramData\14CB5A805DC420F8000014CB45BC2808\14CB5A805DC420F8000014CB45BC2808.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program 
Files\Ad-Aware Antivirus\AdAwareService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- End of file - 8097 bytes
  10. It boots normally again, with apparently no strange files left in the startup sequence!
  11. Hello, Since this afternoon my Windows Vista freezes immediately after booting every time. When I click an icon on the desktop, 'toepassing Windows' ("Windows application") freezes. I booted into safe mode and ran a scan with MBAM and then HijackThis. Hopefully someone knows how I can fix this. The logs are below: Regards, Joost MBAM: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.26.08 Windows Vista Service Pack 2 x86 NTFS (Veilige modus) Internet Explorer 8.0.6001.19298 Joost :: PC_VAN_JOOST [administrator] 11-9-2012 17:26:53 mbam-log-2012-09-11 (17-26-53).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 222554 Verstreken tijd: 9 minuut/minuten, 34 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) HijackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:37:18, on 11-9-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19298) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Users\Joost\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ukyhiwyhw] C:\Users\Joost\AppData\Roaming\Irsiiv\qeany.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AOL-werkbalk Zoeken - 
  12. After a scan with AdAware, things now seem to be resolved. I did make a new log just to be sure:
  13. Hello, after HijackThis and MBAM, the following logs:
  14. Hello, after problems with online banking I scanned the system, and in it I (again) come across strange things. Various spyware has already been removed, but some items stubbornly remain. Below is a HijackThis log that I have just made. Hopefully someone can help me further. Regards, Joost
  15. ComboFix has been removed. As far as I can see there is also nothing odd in the startup procedure any more. There is now suddenly a folder 32788R22FWJFW on C:, but that will have to do with the uninstall of ComboFix?
  16. Can I simply type the command Combofix /uninstall in the 'Run' window?
  17. Ran ComboFix, log below. I see the directory $Recycle.bin appearing on both C: and D:; is that part of the clean-up process?
  18. Following tips on another forum, I first deleted the temporary internet files and the cookies. Then I ran this scanner: Microsoft Safety Scanner - Free online tool for optimal performance and security (full scan), and after that downloaded and ran Download Malwarebytes' Anti-Malware for free - Fileforum (full scan). That is as far as I got, and it produced the MBAM log and HijackThis log above (see previous post). The Kokahox directory is still on the PC, but no longer in the startup process.
  19. No problem! In the meantime I had also posted the question on another forum, but I am 'stuck' there for the moment. I have already run Live Scanner and MBAM on the PC and cleaned up the necessary stuff. After that I was left with the following logs:
      MBAM:
      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org
      Databaseversie: v2012.04.18.05
      Windows Vista Service Pack 2 x86 NTFS
      Internet Explorer 8.0.6001.19190
      Joost :: PC_VAN_JOOST [administrator]
      18-4-2012 18:06:18
      mbam-log-2012-04-18 (18-06-18).txt
      Scantype: Volledige scan
      Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scanopties: P2P
      Objecten gescand: 419864
      Verstreken tijd: 1 uur/uren, 18 minuut/minuten, 37 seconde(n)
      Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Registersleutels gedetecteerd: 2
      HKCU\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> Succesvol in quarantaine geplaatst en verwijderd.
      HKCU\Software\R8388QA8U8 (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
      Registerwaarden gedetecteerd: 1
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8E33F7B6-6141-159D-90A6-52E1ACEC1927} (Trojan.ZbotR.Gen) -> Data: C:\Users\Joost\AppData\Roaming\Kokahox\reibpuu.exe -> Succesvol in quarantaine geplaatst en verwijderd.
      Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Bestanden gedetecteerd: 2
      C:\zrpt.xml (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde) Hijack: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:33:52, on 18-4-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19190) Boot mode: Normal Running processes: C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe c:\program files\aol\aol toolbar 5.0\AolTbServer.exe C:\Windows\system32\wuauclt.exe C:\Users\Joost\Desktop\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing) O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe O23 - 
Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- End of file - 7359 bytes
  20. Hello, Lately my PC has been very slow again, and I also noticed all sorts of strange directories on the C drive (Kokahox?) that appear to be empty but apparently do run in the startup process. I suspect this is the source of all the trouble. This is the Hijack log I made: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:01:16, on 16-4-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19190) Boot mode: Normal Running processes: C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\taskeng.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL
Toolbar 5.0\aoltb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R O4 - HKCU\..\Run: [{8E33F7B6-6141-159D-90A6-52E1ACEC1927}] C:\Users\Joost\AppData\Roaming\Kokahox\reibpuu.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing) O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe O23 - 
Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- End of file - 7379 bytes
  21. CCleaner installed and run. Everything seems to be running reasonably well again. However, since today the PC asks at every startup whether I want to run the program MRT.exe. Since I am not sure whether this is safe, I have clicked Cancel each time. I made another new log with HijackThis (see below), and it appears in there as well. In answer to the question on the previous page about the printer: I have an HP PSC 4100 series. The software (Solution Center) no longer opens and reports 'no HP devices found'. Reinstalling does not help. The printer does still print/copy normally, but scanning no longer works. HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:08:39, on 12-5-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19048) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - Alles op een rijtje!
(ook op mobiel) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe O23 - Service: Ati 
External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- End of file - 6928 bytes
  22. Even in safe mode I cannot delete the folder; it keeps reporting that I am not authorized. Is it a big problem if this folder simply stays where it is, or can I also proceed to the next step and run CCleaner?
  23. This too is causing problems again. Removing the file from the desktop does work, but I am not authorized to delete the Qoobox folder manually. I have already tried changing the folder's settings so that this would work, but that does not help either (among other things, it gives problems when granting permissions on the BackEnv subfolder).
  24. It keeps saying that the file ComboFix cannot be found, even though the file is definitely on the desktop and the Qoobox folder is also still present on the PC. I get this error message in safe mode as well.