Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Mijn machine is besmet!

None
13 antwoorden
  • Ik heb een verslag van HiJackThis, wat dien ik te verwijderen? Bedankt.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:22:12 AM, on 12/12/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Safe mode

    Running processes:
    C:\Users\maanvol\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mirostart.com/?cfg=2-365-0-0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
    O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files (x86)\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=053010 serial=wo12wrx-0000043-sgj lang=EN
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\maanvol\Program Files (x86)\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{888637D5-4078-4464-A5A9-2F0203DA70EB}: NameServer
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
    O23 - Service: Printer Control - Unknown owner - C:\Windows\system32\PrintCtrl.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TrafMeter 10.2.566 (TrafSvc) - Unknown owner - C:\Program Files\TrafMeter\TrafSvc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 13233 bytes
  • Ik zie een hoop rommel, beter wachten op de expert, maar in ieder geval is je hosts file corrupt, zie deze

    [b:bb57d4b420]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
    [/b:bb57d4b420]
  • Hoi maanvol, voordat ik met je begin, wil ik graag een aantal vragen beantwoord hebben!


    a) Heb jij van Iobit Advanced System Care geïnstalleerd en mogelijk ook andere Iobit programma's?

    Want je hebt o.a. de ConduitToolbar nu en die staat bekend als hoogst dubieus!


    b) Waarom heb je HijackThis in Veilige modus opsgestart?
  • Ik weet niet of ik 'Iobit Advanced System Care' zelf heb genomen, of dat het bij een ander programma mee is gekomen – ik gebruik het nimmer, en weet niet eens waar het voor wordt toegepast.

    'Safe mode', is 'een gewoonte' van mij. Ooit heb ik vernomen dat bepaalde programma's zich in 'safe mode' beter laten verwijderen.
  • In safe mode ben je dus slechter beveiligd, dus daarom waarschijnlijk dat je behoorlijk besmet bent geraakt!

    Ik wil graag dat je gewoon opstart en dan mnogmaals een log maakt en post!
  • 'Safe mode', heb ik slechts bij het willen verwijderen van de pest, gewoonlijk gebruik ik de computer bij 'normal mode'. Ik heb al het ongewenste spul binnengekregen bij het installeren van de browser 'chrome' – van een verkeerde site gedownload.

    Mest recent rapport van 'HijackThis':


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:03:34 AM, on 12/13/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Program Files\TrafMeter\TrafMonitor.exe
    C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Users\tosh\Program Files (x86)\DNA\btdna.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Users\maanvol\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mirostart.com/?cfg=2-365-0-0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer

    \BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
    O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE

    \PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files (x86)\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12"

    /date=053010 serial=wo12wrx-0000043-sgj lang=EN
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink

    \PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
    O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    O4 - HKLM\..\Run: [MediaButtons] C:\Program Files (x86)\Trigem\MediaButtons\MediaButtons.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\maanvol\Program Files (x86)\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office

    \Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{888637D5-4078-4464-A5A9-2F0203DA70EB}: NameServer
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher

    \FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader

    \1.0\NitroPDFReaderDriverServicex64.exe
    O23 - Service: Printer Control - Unknown owner - C:\Windows\system32\PrintCtrl.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TrafMeter 10.2.566 (TrafSvc) - Unknown owner - C:\Program Files\TrafMeter\TrafSvc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player

    \wmpnetwk.exe (file missing)


    End of file - 13767 bytes
  • Post het log opnieuw, maar zorg er eerst voor dat je in Kladblok dit doet:

    klik in de menublak op "Opmaak" en haal dan het vinkje weg bij "Automatische terugloop"!
  • Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:03:34 AM, on 12/13/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Program Files\TrafMeter\TrafMonitor.exe
    C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Users\tosh\Program Files (x86)\DNA\btdna.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Users\maanvol\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mirostart.com/?cfg=2-365-0-0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
    O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files (x86)\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=053010 serial=wo12wrx-0000043-sgj lang=EN
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
    O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    O4 - HKLM\..\Run: [MediaButtons] C:\Program Files (x86)\Trigem\MediaButtons\MediaButtons.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\maanvol\Program Files (x86)\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{888637D5-4078-4464-A5A9-2F0203DA70EB}: NameServer
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
    O23 - Service: Printer Control - Unknown owner - C:\Windows\system32\PrintCtrl.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TrafMeter 10.2.566 (TrafSvc) - Unknown owner - C:\Program Files\TrafMeter\TrafSvc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 13767 bytes
  • Hoi maanvol, dank je, nu was het log makkelijk te analyseren.

    Hieronder staan de eerste stappen vermeld!


    [b:12905fcda8]N.B.: Vista- en Windows 7 gebruik(st)ers starten alle hier vermelde tools middels rechtsklikken en dan kiezen voor Als Administrator uitvoeren.[/b:12905fcda8]

    [b:12905fcda8]Stap •1•[/b:12905fcda8][/color:12905fcda8]

    Schakel tijdelijk Windows Defender uit
    Want deze kan voor stoorzender spelen bij het fixen met HJT (de fix terug ongedaan maken)

    [list:12905fcda8][*:12905fcda8] Open Windows Defender > Klik op Tools
    [*:12905fcda8] Klik "General Settings" of Options
    [*:12905fcda8] Scroll naar "Real Time Protection Options"
    [*:12905fcda8] Haal het vinkje weg bij "Turn on Real Time Protection (recommended)" > Klik "Save"
    [*:12905fcda8]Sluit Windows Defender
    (als de problemen over zijn, logje weer schoon verklaard is, kan je 'm weer aanzetten)[/list:u:12905fcda8]
    [b:12905fcda8]Stap •2•[/b:12905fcda8][/color:12905fcda8]

    Download en gebruik de [b:12905fcda8]ASK Toolbar Remover[/b:12905fcda8]: http://www.chip.de/downloads/ASK-Toolbar-Remover_43117721.html

    [b:12905fcda8]Stap •3•[/b:12905fcda8][/color:12905fcda8]
    sluit alle openstaande vensters - behalve dit venster, dat je sluit voor het moment, dat je op de knop [b:12905fcda8]Fix checked[/b:12905fcda8] klikt!


    Start nu HijackThis en klik op de knop [b:12905fcda8]Do a Scan only,

    O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
    O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
    O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
    O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll[/b:12905fcda8]
    [list:12905fcda8][*:12905fcda8] zet een vinkje voor die regel(s) welke met de bovenstaande regels corresponderen
    [*:12905fcda8] Sluit nu de webbrowser en vervolgens klik je daarna op de knop [b:12905fcda8]Fix checked[/b:12905fcda8]
    [*:12905fcda8] Klik hierna HijackThis op uit.[/list:u:12905fcda8]
    [b:12905fcda8]Stap •4•[/b:12905fcda8][/color:12905fcda8]

    Typ in de zoekregel direkt boven de Startknop [b:12905fcda8]mrt[/b:12905fcda8].
    Bovenaan het startmenu klik je met rechts op de snelkoppeling van MRT en kies je voor Uitvoeren als administrator.
    MRT is het windows eigen Malicious Removal Tool.
    Laat de instelling op Snelle scan staan en kies scannen!


    [b:12905fcda8]Stap •5•[/b:12905fcda8][/color:12905fcda8]

    [b:12905fcda8]Download, installeer en blijf MBAM gebruiken[/b:12905fcda8] (KLIK)
    (klik op de blaue knop om de gratis versie te downloaden!)
    [list:12905fcda8][*:12905fcda8] Al meteen na de installatie wil [b:12905fcda8]MBAM[/b:12905fcda8] zijn database opwaarderen – toestaan dus.
    [*:12905fcda8] Ook bij herhaald gebruik: eerst MBAM updaten via de tab [b:12905fcda8]Update[/b:12905fcda8]!

    [*:12905fcda8] Start [b:12905fcda8]MBAM[/b:12905fcda8] en kies voor [b:12905fcda8]Snelle Scan[/b:12905fcda8]

    [*:12905fcda8] Het scannen kan een tijdje duren, dus wees geduldig.
    [*:12905fcda8] Indien de scan voltooid is, klik dan op de knop [b:12905fcda8]OK[/b:12905fcda8]
    [*:12905fcda8] Klik daarna op de knop [b:12905fcda8]Bekijk Resultaten[/b:12905fcda8] om de resultaten te zien.
    [*:12905fcda8] Zorg ervoor, dat alles aangevinkt is.
    [*:12905fcda8] Vervolgens klik je op: [b:12905fcda8]Verwijder geselecteerde[/b:12905fcda8] .
    [*:12905fcda8] Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

    [*:12905fcda8] Het log wordt automatisch bewaard door [b:12905fcda8]MBAM[/b:12905fcda8] en dat kan je terugvinden door op de tab [b:12905fcda8]Logs[/b:12905fcda8] te klikken in [b:12905fcda8]MBAM[/b:12905fcda8] .

    [*:12905fcda8] Indien [b:12905fcda8]MBAM[/b:12905fcda8] moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op [b:12905fcda8]OK[/b:12905fcda8] klikken!
    [*:12905fcda8] Daarna zal [b:12905fcda8]MBAM[/b:12905fcda8] vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:12905fcda8]
    [b:12905fcda8]Stap •6•[/b:12905fcda8][/color:12905fcda8]

    [b:12905fcda8]Hierna post je de inhoud van de volgende logs:[/b:12905fcda8]
    [list:12905fcda8][*:12905fcda8] een nieuw Hijackthis-log
    [*:12905fcda8] MBAM scanlog[/list:u:12905fcda8]
    [list:12905fcda8][b:12905fcda8]Tevens een Uninstall-lijst posten:[/b:12905fcda8]
    [*:12905fcda8] start HijackThis,
    [*:12905fcda8] klik op de knop [b:12905fcda8]Open the Misc Tools section[/b:12905fcda8],
    [*:12905fcda8] klik op de knop [b:12905fcda8]Open Uninstall Manager[/b:12905fcda8]
    [*:12905fcda8] Klik op de knop [b:12905fcda8]Save[/b:12905fcda8].[/list:u:12905fcda8]
  • Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:42:54 PM, on 12/13/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Program Files\TrafMeter\TrafMonitor.exe
    C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Users\tosh\Program Files (x86)\DNA\btdna.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Users\maanvol\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mirostart.com/?cfg=2-365-0-0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files (x86)\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=053010 serial=wo12wrx-0000043-sgj lang=EN
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
    O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    O4 - HKLM\..\Run: [MediaButtons] C:\Program Files (x86)\Trigem\MediaButtons\MediaButtons.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\maanvol\Program Files (x86)\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{888637D5-4078-4464-A5A9-2F0203DA70EB}: NameServer
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
    O23 - Service: Printer Control - Unknown owner - C:\Windows\system32\PrintCtrl.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TrafMeter 10.2.566 (TrafSvc) - Unknown owner - C:\Program Files\TrafMeter\TrafSvc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 12789 bytes


    mBam-log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:42:54 PM, on 12/13/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Program Files\TrafMeter\TrafMonitor.exe
    C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Users\tosh\Program Files (x86)\DNA\btdna.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Users\maanvol\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://


    UnInstall-list:

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    Apple Software Update
    ArcSoft TotalMedia 3.5
    Ask Toolbar
    Audacity 1.3.12 (Unicode)
    AVG 9.0
    BitTorrent
    BitTorrentBar Toolbar
    Browser Defender 3.0
    Catalyst Control Center - Branding
    CDBurnerXP
    Combined Community Codec Pack 2009-09-09
    CyberLink PowerDirector
    Feedback Tool
    FileZilla Client 3.3.4.1
    FlashFXP v4.0
    Font Xplorer 1.2.2
    FreeFixer
    GIMP 2.6.11
    GPL Ghostscript 8.70
    GSview 4.9
    Java(TM) 6 Update 13
    Java(TM) 6 Update 18
    Java(TM) 6 Update 21
    JMB36X Raid Configurer
    Knoll Light Factory EZ Studio
    LAME v3.98.2 for Audacity
    Magic Bullet Looks Studio
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    MediaBar
    MediaButtons
    MediaCoder x64 0.7.3.4640
    MediaMonkey 3.0
    Mega Manager
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    MiKTeX 2.8
    Miro
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Opera 10.63
    ParetoLogic DriverCure
    Picasa 3
    Pinnacle Studio 14
    Pinnacle Studio Ultimate Collection Plugins
    PL-2303 USB-to-Serial
    PSPad editor
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Red Giant ToonIt Studio
    RegTweaker version 3.2.1
    Replay Music
    Revo Uninstaller 1.90
    RICOH R5U8xx Media Driver ver.3.62.02
    Scope
    Smart Defrag
    SmartSound Quicktracks Plugin
    Snagit 10
    Songbird 1.7.3 (Build 1700)
    SpeedBit Video Accelerator
    SpeedBit Video Downloader
    Spyware Doctor 8.0
    StarOffice 9
    SUPER © Version 2010.bld.42 (Nov 7, 2010)
    TeXnicCenter Version 1.0 Stable RC1
    Total Recorder 8.1
    Trapcode 3DStroke Studio
    Trapcode Particular Studio
    Trapcode Shine Studio
    Uniblue DriverScanner
    Uniblue PowerSuite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC
    Vers. 1.1
    VLC media player 1.0.5
    What's Running 2.2
    Windows Media Player Firefox Plugin
  • Hoi maanvol, waar is nu het MBAM-log?
  • Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5293

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    12/13/2010 1:38:00 PM
    mbam-log-2010-12-13 (13-38-00).txt

    Scan type: Quick scan
    Objects scanned: 157443
    Time elapsed: 9 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Ik bemerk dat na de infectie, bij het opstarten, het proces veel langer duurt. Hoe kan ik weten wat werkelijk windows 7 nodig heeft bij het opstarten? Via 'msconfig', tab: start up, zie ik erg veel spul.
  • Hoi maanvol,

    je hebt zo te zien geen spyware probleem.

    Het probleem in jouw Windows is het volgende: je hebt de betaalde versie van AVG internet security en je hebt [b:e87012fc3e]Spyware Doctor 8.0[/b:e87012fc3e] ook geïnstalleerd.
    Dat is ook een antivirusprogramma en daardoor heb je nu een conflict in jouw Windows!

    Dus deïnstalleer Spyware Doctor geheel en dan moet de problemen na een herstart over zijn!

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.