Startup Repair failed

64 replies
  • I hope someone can and will help me with the following problem:

    It all started with "invalid image" error messages, first when starting my laptop and then when starting various programs. On the advice of one of the members I performed a system restore. The problem seemed to be solved, but every time I restart I end up in "Startup Repair". (see topic http://forum.computertotaal.nl/phpBB/viewtopic.php?p=1453006#1453006)

    I then scanned with Malwarebytes, Anti-Malware and HijackThis. The results are below. Is there a guardian angel out there for me? Thanks in advance!


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6479

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.19048

    30-4-2011 20:10:41
    mbam-log-2011-04-30 (20-10-41).txt

    Scantype: Volledige scan (C:\|E:\|)
    Objecten gescand: 324946
    Verstreken tijd: 51 minuut/minuten, 53 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 4
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 2
    Mappen geïnfecteerd: 2
    Bestanden geïnfecteerd: 7

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDNS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultDns (Adware.ResultDNS) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    c:\programdata\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully.
    c:\program files\resultdns (Adware.ResultDns) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    c:\programdata\resultdns\resultdns115.exe (Adware.ResultDNS) -> Quarantined and deleted successfully.
    c:\program files\resultdns\resultdns.exe (Adware.ResultDNS) -> Quarantined and deleted successfully.
    c:\program files\resultdns\uninstall.exe (Adware.ResultDNS) -> Quarantined and deleted successfully.
    c:\program files\youruninstaller2008\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


    Emsisoft Anti-Malware - Versie 5.1
    Laatste Update: 1-5-2011 15:28:09

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\, E:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 1-5-2011 15:28:36

    C:\Users\Annelie\Documents\keygen etc\Gamehouse\Gamehouse_Patch.exe Ontdekt: Trojan.Generic!IK
    C:\Users\Annelie\Documents\keygen etc\Reflexive\!!Universal Reflexive Key Generator!!.exe Ontdekt: Virus.Win32.Trojan!IK
    C:\Users\Annelie\Downloads\rcoasterty.rar
    coasterty\rcttrn.EXE Ontdekt: BehavesLikeWin32.RemoteInjector!IK
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.dll Ontdekt: Riskware.AdWare.Win32.Zwangi!IK
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.exe Ontdekt: BHO.Win32.Zwangi!IK

    Gescand

    Bestanden: 399666
    Sporen: 399197
    Cookies: 1
    Processen: 22

    Gevonden

    Bestanden: 6
    Sporen: 0
    Cookies: 0
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 1-5-2011 18:25:54
    Scantijd: 2:57:18

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.exe In Quarantaine BHO.Win32.Zwangi!IK
    C:\Users\Annelie\Downloads\rcoasterty.rar
    coasterty\rcttrn.EXE In Quarantaine BehavesLikeWin32.RemoteInjector!IK
    C:\Users\Annelie\Documents\keygen etc\Reflexive\!!Universal Reflexive Key Generator!!.exe In Quarantaine Virus.Win32.Trojan!IK
    C:\Users\Annelie\Documents\keygen etc\Gamehouse\Gamehouse_Patch.exe In Quarantaine Trojan.Generic!IK

    In Quarantaine

    Bestanden: 6
    Sporen: 0
    Cookies: 0


    Verwijderd

    Bestanden: 1
    Sporen: 0
    Cookies: 0

    Dit kon niet verwijderd worden:

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZA4U4VOD\upgrade[1].cab/$0\resultdns.dll - File not found

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:31:20, on 2-5-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19048)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
    O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file)
    O23 - Service: AVGIDSAgent - AVAST Software - (no file)
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - (no file)
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Common Toolkit Tools - Unknown owner - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (file missing)
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
    O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    End of file - 12584 bytes
  • Hello Eline, one of the problems in your Windows is a conflict between leftovers of AVG and Avast!

    For further information: we are going to use ComboFix.

    Read the following carefully, download ComboFix to your desktop and do nothing else for now, because we are going to remove AVG from your Windows for good with a script run through ComboFix!

    1) Which program: ComboFix
    Purpose: Highly specialised scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be deactivated before ComboFix starts!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    Once more, to be perfectly clear: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If after the scan an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.


    2) Script!

    Open a new Notepad file via "Start\Alle programma’s\Bureau-accessoires\Kladblok" (Start\All Programs\Accessories\Notepad).


    Copy and paste the following (bold, blue) text into the empty Notepad window,
    then save the Notepad file to your desktop as CFScript_AVG2011.txt

    REGISTRY::
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
    [-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
    [-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
    [-HKEY_CURRENT_USER\Software\Avg]
    [-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
    [-HKEY_CLASSES_ROOT\.avgdx]
    [-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
    [-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
    [-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}]
    [-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ]
    [-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
    [-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
    [-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
    [-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
    [-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
    [-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
    [-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
    [-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
    [-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
    [-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
    [-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
    [-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
    [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
    [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
    [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
    [-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
    [-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
    [-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
    [-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
    [-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]

    DRIVER::
    Avg
    AVGIDSAgent
    AVGIDSDriver
    AVGIDSEH
    AVGIDSFilter
    AVGIDSShim
    Avgldx86
    Avgmfx86
    Avgrkx86
    Avgtdix
    avgwd

    FOLDER::
    %SYSTEMDRIVE%\$AVG
    %COMMONAPPDATA%\AVG10
    %COMMONAPPDATA%\MFAData
    %COMMONPROGRAMS%\AVG 2011
    %APPDATA%\AVG10
    %PROGRAMFILES%\AVG
    %SYSTEM%\drivers\AVG

    File::
    %COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
    %COMMONDESKTOP%\AVG 2011.lnk
    %SYSTEM%\drivers\AVGIDSDriver.sys
    %SYSTEM%\drivers\AVGIDSEH.sys
    %SYSTEM%\drivers\AVGIDSFilter.sys
    %SYSTEM%\drivers\AVGIDSShim.sys
    %SYSTEM%\drivers\avgldx86.sys
    %SYSTEM%\drivers\avgmfx86.sys
    %SYSTEM%\drivers\avgrkx86.sys
    %SYSTEM%\drivers\avgtdix.sys

    Save this Notepad file to your desktop as CFScript_AVG2011.txt.

    Start the computer in safe mode: http://www.nationaalcomputerforum.nl/showthread.php?t=27396


    Drag CFScript_AVG2011.txt onto ComboFix.exe as shown in the example below:

    http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

    This will make ComboFix restart.

    Restart when asked to.

    Post the ComboFix log that is shown after the restart!
  • It's great that you want to help me. I can't wait to get started, but there is something I don't understand:

    Right now I can only work in safe mode, and I think no antivirus and spyware programs are active then. At least I don't see any icons in the taskbar. Is that right?
    You also say I should download ComboFix and "do nothing else". Do I understand correctly that I should not start ComboFix, only paste that script into a Notepad file and then drag it onto ComboFix? That "do nothing else" confuses me, so I'm asking just to be sure; I'm afraid of doing something wrong, I'm only a layperson…
  • Hi, yes - you understand correctly - in your case that script has to be dragged onto ComboFix.

    Because AVG must first be completely removed before ComboFix can start normally!
  • Hopefully you're still there. I'm getting a warning from ComboFix that Avast is active, but I don't see any icon or anything of Avast at all. What now??
  • Ignore the warning and let ComboFix scan!
  • This is the ComboFix log:


    ComboFix 11-05-02.03 - Annelie 02-05-2011 21:51:58.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.2393 [GMT 2:00]
    Gestart vanuit: c:\users\Annelie\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Annelie\Desktop\CFScript_AVG2011.txt
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    FILE ::
    "c:\programdata\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
    "c:\users\Public\Desktop\AVG 2011.lnk"
    "c:\windows\system32\drivers\AVGIDSDriver.sys"
    "c:\windows\system32\drivers\AVGIDSEH.sys"
    "c:\windows\system32\drivers\AVGIDSFilter.sys"
    "c:\windows\system32\drivers\AVGIDSShim.sys"
    "c:\windows\system32\drivers\avgldx86.sys"
    "c:\windows\system32\drivers\avgmfx86.sys"
    "c:\windows\system32\drivers\avgrkx86.sys"
    "c:\windows\system32\drivers\avgtdix.sys"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\$AVG
    c:\$avg\$CHJW\04951666-ac29-4f58-a228-98b2d31590c9
    c:\$avg\$CHJW\067744b0-67fd-4804-97ac-b1c97d1ef087
    c:\$avg\$CHJW\0f4141ac-9705-4edc-b757-1088aa5317c2
    c:\$avg\$CHJW\21bc3615-053d-45ae-822d-29e70a3dbe1a
    c:\$avg\$CHJW\231ddebd-2881-481c-a968-ed45f3763a32
    c:\$avg\$CHJW\4fd83ff7-37b3-49a4-9a82-1e43193a9b19
    c:\$avg\$CHJW\57bf817e-2fd3-4ff0-a357-41220f4b8344
    c:\$avg\$CHJW\7ea099be-8f0b-4c6d-bd96-5ffab87f19ae
    c:\$avg\$CHJW\8c3adf8e-9966-46a2-a71a-6af2e4a11f35
    c:\$avg\$CHJW\9a35aa6a-fc41-4f22-874c-8dcd33fd5fef
    c:\$avg\$CHJW\9d97b374-62b4-4bbf-b8d3-a0535b8ffbcf
    c:\$avg\$CHJW\avgcchff.dat
    c:\$avg\$CHJW\avgcchfi.dat
    c:\$avg\$CHJW\avgcchmf.dat
    c:\$avg\$CHJW\avgcchmi.dat
    c:\$avg\$CHJW\b417e3d0-879a-4bcd-971c-140322af3d26
    c:\$avg\$CHJW\d3852d67-d13c-4414-8b93-a794fe1ddeb1
    c:\$avg\$CHJW\d546e75a-6bad-498e-959c-e6dde9a2cd7b
    c:\$avg\$CHJW\e097f445-47ce-43b9-896f-eb63658b4489
    c:\$avg\$CHJW\e5a634c6-5025-4b64-9d09-6d76ad434794
    c:\$avg\$CHJW\ec8d2fe8-54fc-4e4b-8bf3-f336133b7acb
    c:\$avg\$CHJW\ecfddcf4-be9c-40ca-be5b-ca9df3f499a1
    c:\$avg\$VAULT\V_00000237.fil
    c:\$avg\$VAULT\V_00000238.fil
    c:\$avg\$VAULT\V_00000239.fil
    c:\$avg\$VAULT\V_00000240.fil
    c:\$avg\$VAULT\V_00000241.fil
    c:\$avg\$VAULT\V_00000242.fil
    c:\$avg\$VAULT\V_00000243.fil
    c:\$avg\$VAULT\vvfolder.idx
    c:\program files\AVG
    c:\program files\AVG\AVG10\avgcertx.dll
    c:\program files\AVG\AVG10\avgcfgx.dll
    c:\program files\AVG\AVG10\avgchclx.dll
    c:\program files\AVG\AVG10\avgchjwx.dll
    c:\program files\AVG\AVG10\avgchsvx.exe
    c:\program files\AVG\AVG10\avgclitx.dll
    c:\program files\AVG\AVG10\avgcorex.dll
    c:\program files\AVG\AVG10\avglogx.dll
    c:\program files\AVG\AVG10\avgmfapx.exe
    c:\program files\AVG\AVG10\avgrsx.exe
    c:\program files\AVG\AVG10\avgse.dll
    c:\program files\AVG\AVG10\HtmLayout.dll
    c:\programdata\AVG10
    c:\programdata\AVG10\Cfg\admin.cfg
    c:\programdata\AVG10\Cfg\changecfgreg.cfg
    c:\programdata\AVG10\Cfg\csl.cfg
    c:\programdata\AVG10\Cfg\emssrv.cfg
    c:\programdata\AVG10\Cfg\erd.cfg
    c:\programdata\AVG10\Cfg\except.cfg
    c:\programdata\AVG10\Cfg\idp.cfg
    c:\programdata\AVG10\Cfg\krnl.cfg
    c:\programdata\AVG10\Cfg\mail.cfg
    c:\programdata\AVG10\Cfg\mailsrv.cfg
    c:\programdata\AVG10\Cfg\mailsrvvsapi.cfg
    c:\programdata\AVG10\Cfg\malrep.cfg
    c:\programdata\AVG10\Cfg\scan.cfg
    c:\programdata\AVG10\Cfg\sched.cfg
    c:\programdata\AVG10\Cfg\setup.cfg
    c:\programdata\AVG10\Cfg\spsrv.cfg
    c:\programdata\AVG10\Cfg\update.cfg
    c:\programdata\AVG10\Cfg\updatecomps.cfg
    c:\programdata\AVG10\Cfg\user.cfg
    c:\programdata\AVG10\cfgall\falsealarm.cfg
    c:\programdata\AVG10\cfgall\krnlall.cfg
    c:\programdata\AVG10\cfgall\pctuneupall.cfg
    c:\programdata\AVG10\cfgall\srmall.cfg
    c:\programdata\AVG10\cfgall\updateall.cfg
    c:\programdata\AVG10\cfgall\userall.cfg
    c:\programdata\AVG10\Chjw\480e17a10e1786da.dat
    c:\programdata\AVG10\Chjw\480e17a10e1786da\avgcchff.dat
    c:\programdata\AVG10\Chjw\480e17a10e1786da\avgcchmf.dat
    c:\programdata\AVG10\Chjw\6e701558701527fb.dat
    c:\programdata\AVG10\Chjw\6e701558701527fb\avgcchff.dat
    c:\programdata\AVG10\Chjw\6e701558701527fb\avgcchmf.dat
    c:\programdata\AVG10\Chjw\823013053012ffb9.dat
    c:\programdata\AVG10\Dumps\iexplore.exe_129478566539724866.exh
    c:\programdata\AVG10\Dumps\iexplore.exe_129478566539724866_F.dmp
    c:\programdata\AVG10\Dumps\iexplore.exe_129478566539724866_M.dmp
    c:\programdata\AVG10\IDS(85)\log\AVGIDSAgent_boot.log
    c:\programdata\AVG10\IDS\config\ClientConfig.cfg
    c:\programdata\AVG10\IDS\log\AVGIDSAgent_boot.log
    c:\programdata\AVG10\IDS\profile\globalLoadable.gdb
    c:\programdata\AVG10\log\arklog.cfg
    c:\programdata\AVG10\log\avgcfg.log
    c:\programdata\AVG10\log\avgcfg.log.lock
    c:\programdata\AVG10\log\avgcfgex.log
    c:\programdata\AVG10\log\avgcfgex.log.lock
    c:\programdata\AVG10\log\avgchjw.log
    c:\programdata\AVG10\log\avgchjw.log.lock
    c:\programdata\AVG10\log\avgchjwsrv.log
    c:\programdata\AVG10\log\avgchjwsrv.log.lock
    c:\programdata\AVG10\log\avgldr.log
    c:\programdata\AVG10\log\avgldr.log.lock
    c:\programdata\AVG10\log\avglng.log
    c:\programdata\AVG10\log\avglng.log.lock
    c:\programdata\AVG10\log\avgmail.cfg
    c:\programdata\AVG10\log\avgrs.log
    c:\programdata\AVG10\log\avgrs.log.1
    c:\programdata\AVG10\log\avgrs.log.2
    c:\programdata\AVG10\log\avgrs.log.lock
    c:\programdata\AVG10\log\avgtbapi.cfg
    c:\programdata\AVG10\log\avgtdi.log
    c:\programdata\AVG10\log\avgtdi.log.lock
    c:\programdata\AVG10\log\avgui.log
    c:\programdata\AVG10\log\avgui.log.lock
    c:\programdata\AVG10\log\avguilog.cfg
    c:\programdata\AVG10\log\avgwd.log
    c:\programdata\AVG10\log\avgwd.log.lock
    c:\programdata\AVG10\log\avgwdsvc.log
    c:\programdata\AVG10\log\avgwdsvc.log.lock
    c:\programdata\AVG10\log\cfgexlog.cfg
    c:\programdata\AVG10\log\cfglog.cfg
    c:\programdata\AVG10\log\chjwlog.cfg
    c:\programdata\AVG10\log\commonpriv.log
    c:\programdata\AVG10\log\commonpriv.log.lock
    c:\programdata\AVG10\log\commonpub.log
    c:\programdata\AVG10\log\commonpub.log.lock
    c:\programdata\AVG10\log\corelog.cfg
    c:\programdata\AVG10\log\csllog.cfg
    c:\programdata\AVG10\log\emclog.cfg
    c:\programdata\AVG10\log\fixcfg.log
    c:\programdata\AVG10\log\fixcfg.log.lock
    c:\programdata\AVG10\log\ldrlog.cfg
    c:\programdata\AVG10\log\lnglog.cfg
    c:\programdata\AVG10\log\lscanlog.cfg
    c:\programdata\AVG10\log\nslog.cfg
    c:\programdata\AVG10\log\privlog.cfg
    c:\programdata\AVG10\log\publog.cfg
    c:\programdata\AVG10\log\rslog.cfg
    c:\programdata\AVG10\log\scanlog.cfg
    c:\programdata\AVG10\log\schedlog.cfg
    c:\programdata\AVG10\log\srmlog.cfg
    c:\programdata\AVG10\log\tdilog.cfg
    c:\programdata\AVG10\log\updlog.cfg
    c:\programdata\AVG10\log\vaultlog.cfg
    c:\programdata\AVG10\log\wdlog.cfg
    c:\programdata\AVG10\log\wdsvclog.cfg
    c:\programdata\AVG10\SetupBackup\Avgx86.msi
    c:\programdata\AVG10\SetupBackup\corex86.msi
    c:\programdata\AVG10\Temp\file9514.tmp
    c:\programdata\AVG10\update\download\fixcorex3.exe
    c:\programdata\MFAData
    c:\programdata\MFAData\logs\mfa-20101112-074712.log
    c:\programdata\MFAData\logs\mfa-20101112-075533.log
    c:\programdata\MFAData\logs\mfa-20110413-162221.log
    c:\programdata\MFAData\logs\mfa-20110428-194956.log
    c:\programdata\MFAData\logs\mfa-20110429-152333.log
    c:\programdata\MFAData\logs\mfa-20110429-153132.log
    c:\programdata\MFAData\logs\mfa-20110429-153151.log
    c:\programdata\MFAData\logs\mfa-20110429-153251.log
    c:\programdata\MFAData\logs\mfa-20110429-153550.log
    c:\programdata\MFAData\logs\mfa-20110429-155731.log
    c:\programdata\MFAData\logs\mfa-20110429-155810.log
    c:\programdata\MFAData\logs\mfa-20110429-160757.log
    c:\programdata\MFAData\logs\msi-20101112-074712.log
    c:\programdata\MFAData\logs\msi-20110413-162221.log
    c:\programdata\MFAData\logs\msi-20110428-194956.log
    c:\programdata\MFAData\logs\msi-20110429-152333.log
    c:\programdata\MFAData\logs\msi-20110429-155731.log
    c:\programdata\MFAData\mfaurlconf.ini
    c:\programdata\MFAData\public_installation_log.xml
    c:\programdata\MFAData\setup_tp.cab
    c:\programdata\Microsoft\Windows\Start Menu\Programs\AVG 2011
    c:\programdata\Microsoft\Windows\Start Menu\Programs\AVG 2011\Installatie van AVG.lnk ongedaan maken.lnk
    c:\puzzelhulp\Puzzelhulp.exe
    c:\users\Annelie\AppData\Roaming\.#
    c:\users\Annelie\AppData\Roaming\AVG10
    c:\users\Annelie\AppData\Roaming\AVG10\cfgall\usergui.cfg
    c:\users\Annelie\AppData\Roaming\log.txt
    c:\windows\system32\drivers\AVG
    c:\windows\system32\drivers\AVG\iavichjg.avm
    c:\windows\system32\drivers\AVG\iavichjw.avm
    c:\windows\system32\drivers\AVG\incavi.avm
    c:\windows\system32\drivers\AVGIDSDriver.sys
    c:\windows\system32\drivers\AVGIDSEH.sys
    c:\windows\system32\drivers\AVGIDSFilter.sys
    c:\windows\system32\drivers\AVGIDSShim.sys
    c:\windows\system32\drivers\avgldx86.sys
    c:\windows\system32\drivers\avgmfx86.sys
    c:\windows\system32\drivers\avgrkx86.sys
    c:\windows\system32\drivers\avgtdix.sys
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_AVGIDSDRIVER
    -------\Legacy_AVGIDSEH
    -------\Legacy_AVGIDSFILTER
    -------\Legacy_AVGIDSSHIM
    -------\Legacy_AVGLDX86
    -------\Legacy_AVGMFX86
    -------\Legacy_AVGRKX86
    -------\Legacy_AVGTDIX
    -------\Service_Avg
    -------\Service_AVGIDSAgent
    -------\Service_AVGIDSDriver
    -------\Service_AVGIDSEH
    -------\Service_AVGIDSFilter
    -------\Service_AVGIDSShim
    -------\Service_Avgldx86
    -------\Service_Avgmfx86
    -------\Service_Avgrkx86
    -------\Service_Avgtdix
    -------\Service_avgwd
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-02 to 2011-05-02 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-02 19:59 . 2011-05-02 20:06 -------- d-----w- c:\users\Annelie\AppData\Local\temp
    2011-05-02 19:59 . 2011-05-02 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-29 17:36 . 2011-04-29 10:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-04-29 17:06 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 17:06 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-29 16:02 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-29 16:02 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-29 16:02 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-29 16:02 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-29 16:02 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-29 16:02 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-29 16:01 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-29 16:01 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-29 15:37 . 2009-11-04 20:43 4915024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD3A99D1-48BB-401B-835B-7B25654BB522}\mpengine.dll
    2011-04-29 15:35 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-29 15:35 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-29 15:35 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-29 07:47 . 2011-04-29 07:47 -------- d-----w- c:\program files\Panda Security
    2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\programdata\AVAST Software
    2011-04-28 20:08 . 2011-04-28 20:08 -------- d-----w- c:\program files\AVAST Software
    2011-04-28 19:15 . 2011-04-28 19:15 -------- d-----w- c:\users\Annelie\AppData\Local\Sunbelt Software
    2011-04-28 19:14 . 2011-04-28 19:14 -------- dc-h--w- c:\programdata\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
    2011-04-28 19:13 . 2011-04-28 19:15 -------- d-----w- c:\programdata\Lavasoft
    2011-04-28 19:13 . 2011-04-28 19:13 -------- d-----w- c:\program files\Lavasoft
    2011-04-28 12:11 . 2011-05-02 20:01 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-04-28 11:15 . 2011-04-28 11:15 -------- d-----w- c:\users\Annelie\AppData\Roaming\Malwarebytes
    2011-04-28 11:14 . 2011-04-28 11:14 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-28 11:14 . 2011-04-30 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-27 20:21 . 2011-04-27 20:21 -------- d-----w- c:\users\Annelie\AppData\Roaming\Skype
    2011-04-27 18:59 . 2011-04-27 18:59 -------- d-----w- c:\program files\Loaris
    2011-04-27 18:16 . 2011-04-27 18:58 -------- d-----w- c:\program files\Loaris Trojan Remover
    2011-04-26 10:23 . 2011-04-26 10:23 -------- d-----w- c:\users\Annelie\AppData\Local\{9E100F3C-EA2F-47A4-B425-21C819210AC5}
    2011-04-24 19:11 . 2011-04-24 19:12 -------- d-----w- c:\users\Annelie\AppData\Local\{395F0E53-EA0F-43D1-BFD8-3073D5DEEA73}
    2011-04-23 10:55 . 2011-04-23 10:55 -------- d-----w- c:\users\Annelie\AppData\Roaming\Ph03nixNewMedia
    2011-04-23 10:30 . 2011-04-23 10:31 -------- d-----w- c:\users\Annelie\AppData\Local\{068C08DC-6D76-4637-979A-D7D0CAD19CE8}
    2011-04-22 19:45 . 2011-04-22 19:45 -------- d-----w- c:\program files\Shangri La 2 Deluxe
    2011-04-22 18:22 . 2011-04-22 18:22 -------- d-----w- c:\users\Annelie\AppData\Local\{16FFFFCA-AFFA-4391-8781-82ABF2CA3816}
    2011-04-21 18:28 . 2011-04-21 18:33 -------- d-----w- c:\program files\Farmscapes Collectors Edition
    2011-04-21 11:13 . 2011-04-21 11:13 -------- d-----w- c:\users\Annelie\AppData\Local\{9B64721A-ADD4-4208-8056-4954A31112B6}
    2011-04-20 10:58 . 2011-04-20 10:58 -------- d-----w- c:\users\Annelie\AppData\Local\ElevatedDiagnostics
    2011-04-20 10:56 . 2011-04-20 10:56 -------- d-----w- c:\program files\Microsoft ATS
    2011-04-20 10:47 . 2011-04-20 10:47 -------- d-----w- c:\users\Annelie\AppData\Local\{BAFE4342-D6FA-4D73-8A27-61B441186B8E}
    2011-04-19 13:03 . 2011-04-19 13:03 -------- d-----w- c:\users\Annelie\AppData\Local\{E0955E8B-3E15-4A18-9D01-EBF192D7A901}
    2011-04-18 08:38 . 2011-04-18 08:38 -------- d-----w- c:\users\Annelie\AppData\Local\{C03CDA2F-C074-4E97-B1F5-72A2D702314B}
    2011-04-17 15:13 . 2011-04-17 15:15 -------- d-----w- c:\program files\Campfire Legends - The Babysitter
    2011-04-17 12:56 . 2011-04-29 16:11 -------- d-----w- c:\program files\Elizabeth Find M.D. - Diagnosis Mystery Deluxe
    2011-04-17 10:55 . 2011-04-17 10:55 -------- d-----w- c:\users\Annelie\AppData\Local\{DDFDE472-6525-4B01-A6C1-6EC67D4F28A3}
    2011-04-16 10:37 . 2011-04-16 10:37 -------- d-----w- c:\users\Annelie\AppData\Local\{1ACCFDEB-DB71-4C89-A9D4-8F6BA85BA551}
    2011-04-14 18:02 . 2011-04-14 18:02 -------- d-----w- c:\users\Annelie\{b2edab7a-3cfa-40b2-9c18-53b00b56e1da}
    2011-04-14 10:56 . 2011-04-14 10:56 -------- d-----w- c:\users\Annelie\AppData\Local\{F2FB913C-883A-4074-A119-1CF089BEE591}
    2011-04-12 14:43 . 2011-04-12 14:43 -------- d-----w- c:\users\Annelie\AppData\Local\{6BE0F641-9E5D-4504-A4E7-C34F53CB82EC}
    2011-04-11 18:19 . 2011-04-11 18:20 -------- d-----w- c:\program files\Little Shop - World Traveler Deluxe
    2011-04-10 19:49 . 2011-04-10 19:49 -------- d-----w- c:\users\Annelie\AppData\Roaming\NevoSoft
    2011-04-08 07:34 . 2011-04-08 07:35 -------- d-----w- c:\users\Annelie\AppData\Roaming\thejoyoffarming
    2011-04-05 17:50 . 2011-04-05 17:50 -------- d-----w- c:\users\Annelie\AppData\Local\{A96C30B7-75C4-4B90-8139-FCCEFF976A89}
    2011-04-04 19:38 . 2011-04-05 17:45 -------- d-----w- c:\program files\Fiction Fixers - De Vloek van Oz
    2011-04-04 18:12 . 2011-04-08 18:01 -------- d-----w- c:\users\Annelie\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
    2011-04-04 18:10 . 2011-04-08 18:02 -------- d-----w- c:\program files\A Gypsy's Tale - The Tower of Secrets Deluxe
    2011-04-03 11:59 . 2011-04-03 11:59 -------- d-----w- c:\users\Annelie\AppData\Local\{84FB63FE-2C6F-4D1E-97EF-BEF282DFFEAE}
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-18 07:15 . 2011-05-02 20:10 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98F519BA-5EFD-4B41-807F-CB08F51597D3}\mpengine.dll
    2011-03-09 11:37 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-07 15:16 . 2010-01-19 13:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-03-07 15:16 . 2010-01-19 13:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-03-03 15:40 . 2011-04-29 15:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-29 15:35 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-29 15:35 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-29 15:35 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 12:25 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 12:25 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 12:25 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-11 17:26 . 2011-02-11 17:26 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
    2011-02-11 17:26 . 2009-07-17 14:48 137752 ----a-w- c:\windows\system32\igfxtray.exe
    2011-02-11 17:26 . 2009-07-17 14:48 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
    2011-02-11 17:26 . 2009-07-17 14:48 172568 ----a-w- c:\windows\system32\igfxpers.exe
    2011-02-11 17:26 . 2009-07-17 14:48 179224 ----a-w- c:\windows\system32\igfxext.exe
    2011-02-11 17:26 . 2009-07-17 14:48 171032 ----a-w- c:\windows\system32\hkcmd.exe
    2011-02-11 17:26 . 2011-02-11 17:26 3157528 ----a-w- c:\windows\system32\GfxUI.exe
    2011-02-11 17:20 . 2011-02-11 17:20 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
    2011-02-11 17:12 . 2011-02-11 17:12 9036800 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
    2011-02-11 17:12 . 2008-08-19 11:04 4967424 ----a-w- c:\windows\system32\igdumd32.dll
    2011-02-11 17:09 . 2008-08-19 11:04 571904 ----a-w- c:\windows\system32\igdumdx32.dll
    2011-02-11 17:04 . 2011-02-11 17:04 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
    2011-02-11 16:51 . 2011-02-11 16:51 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxresn.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxrell.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrita.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
    2011-02-11 16:44 . 2009-07-17 14:48 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 84480 ----a-w- c:\windows\system32\igfxrara.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
    2011-02-11 16:44 . 2011-02-11 16:44 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
    2011-02-11 16:41 . 2011-02-11 16:41 195584 ----a-w- c:\windows\system32\igfxpph.dll
    2011-02-11 16:41 . 2011-02-11 16:41 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
    2011-02-11 16:41 . 2008-08-19 11:04 261632 ----a-w- c:\windows\system32\igfxTMM.dll
    2011-02-11 16:41 . 2008-08-19 11:04 23552 ----a-w- c:\windows\system32\igfxexps.dll
    2011-02-11 16:41 . 2008-08-19 11:04 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
    2011-02-11 16:40 . 2011-02-11 16:40 130048 ----a-w- c:\windows\system32\igfxdo.dll
    2011-02-11 16:40 . 2008-08-19 11:04 95232 ----a-w- c:\windows\system32\hccutils.dll
    2011-02-11 16:40 . 2011-02-11 16:40 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
    2011-02-11 16:40 . 2011-02-11 16:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2011-02-11 16:40 . 2011-02-11 16:40 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
    2011-02-11 16:40 . 2008-08-19 11:04 828928 ----a-w- c:\windows\system32\igfxress.dll
    2011-02-11 16:40 . 2008-08-19 11:04 228864 ----a-w- c:\windows\system32\igfxdev.dll
    2011-02-11 16:35 . 2011-02-11 16:35 208896 ----a-w- c:\windows\system32\iglhsip32.dll
    2011-02-11 16:35 . 2011-02-11 16:35 147456 ----a-w- c:\windows\system32\iglhcp32.dll
    2011-02-02 20:40 . 2010-06-05 13:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 16:11 . 2009-12-24 06:39 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    2010-12-09 11:51 3911776 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-22 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
    "WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
    "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
    "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-07-21 1045904]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync\restart
    .
    [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.83u1.lnk]
    path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.83u1.lnk
    backup=c:\windows\pss\FreeRapid 0.83u1.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-07-02 13:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
    2010-08-30 07:45 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9f67b409fb1c7;Google Update Service (gupdate1c9f67b409fb1c7);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
    R3 CFcatchme;CFcatchme;c:\users\Annelie\AppData\Local\Temp\CFcatchme.sys [x]
    R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-02 30192]
    R3 KMWDFILTERx86;MLK KM DRIVER;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2008-03-22 17024]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 BOHCI;BOHCI; [x]
    R4 BUHCI;BUHCI; [x]
    R4 BUSBD;BUSBD; [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-30 721904]
    S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 41928]
    S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656]
    S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-03-29 2860800]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
    S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-03-28 208896]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2011-02-02 1176712]
    S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-07-21 116104]
    S2 TomTomHOMEService;TomTomHOMEService;c:\users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
    S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 RTL8187B;Realtek RTL8187B draadloos 802.11b/g 54Mbps USB 2.0 netwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
    .
    2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
    .
    2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000Core.job
    - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
    .
    2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000UA.job
    - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
    .
    .
    ------- Bijkomende Scan -------
    .
    mStart Page = hxxp://alawar.co.nl
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: Free YouTube Download - c:\users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    Trusted Zone: microsoft.com\www
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
    BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    SafeBoot-Lavasoft Ad-Aware Service
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-NDSTray - NDSTray.exe
    AddRemove-FULL-DISKfighter - c:\program files\Fighters\FULL-DISKfighter\Uninstall.exe
    AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-02 22:05
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    detected NTDLL code modification:
    ZwOpenFile
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????6~^????P?V?x?V???V???V??
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000007b
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'Explorer.exe'(1184)
    c:\windows\system32\WindowsCodecs.dll
    c:\windows\system32\es.dll
    c:\windows\system32\audioeng.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-05-02 22:17:31 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-05-02 20:17
    .
    Pre-Run: 31.229.173.760 bytes beschikbaar
    Post-Run: 30.592.929.792 bytes beschikbaar
    .
    - - End Of File - - 112DE8A280B1DB8C33926CA6E16D579D
  • Hi Eline, let me know how Windows starts up after the ComboFix scan.

    I would also like to know whether Emsisoft Anti-Malware was purchased or is being used as shareware.

    The thing is, you basically have an overkill of malware programs and antivirus software in your Windows!
  • Windows starts up fine. Everything seems "normal" again. Thank you for that. I did not buy Emsisoft Anti-Malware; I use it as shareware.
    It may well be true that I have an overkill of malware programs. I downloaded all sorts of things on the principle that what one doesn't remove, the other will. I could certainly do without a few of them…

    Something completely different, while we're at it (if you don't know a solution, never mind): for months now, whenever I wake the laptop from standby, I get a "remind" message: cmdpst.dll can't be initialize. If it can be fixed easily I'll do that, but otherwise it doesn't bother me; one click on OK and it's gone again.
    I'll hear from you!
  • Hi Eline, found via Googling: it means that you need to reinstall the Acoustic Silencer, which lowers the rotation speed of the DVD/RW drive!

    http://eu.computers.toshiba-europe.com/innovation/download_drivers_bios.jsp

    And I would like the following from you:

    Which program: Trend Micro HijackThis version 2.0.4
    What for/why: produces a clear overview of Windows by means of a scan.
    Difficulty: none; only Vista and Windows 7 users need to pay a little extra attention.

    Download the HijackThis Installer

    Installation:
    - Install HijackThis in the suggested location; this prevents any backups from becoming impossible to find!
    Users of Windows Vista and Windows 7 then go to the HijackThis installation location.
    - Then right-click hijackthis.exe and choose Properties.
    - Now click the Compatibility tab and tick Run as administrator.
    - Finally, click Apply and OK.
    Using HijackThis:
    - First close all open programs and web browsers.
    - Now start 'HijackThis' and then click the button 'Do a system scan and save a logfile'.
    - Now close all open windows, then start 'HijackThis' and choose 'Do a system scan and save a logfile'.
    - Copy and paste the contents of the HijackThis log file into your next post.
    - After that you can close HijackThis again.
  • While installing HijackThis I get the following question:
    An installation for Ad-Aware is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Yes or no??

    I think I've made quite a mess of it…

    I'll install that Acoustic thing later; let's solve the real problem first.
  • eline wrote:
    > While installing HijackThis I get the following question:
    > An installation for Ad-Aware is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Yes or no??
    >
    > I think I've made quite a mess of it…
    >
    > I'll install that Acoustic thing later; let's solve the real problem first.

    I just answered "yes", hoping that this is the right choice.
  • It took a while..

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:26:49, on 3-5-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19048)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Mouse Driver\StartAutorun.exe
    C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Mouse Driver\KMConfig.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mouse Driver\KMProcess.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file)
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Common Toolkit Tools - Unknown owner - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (file missing)
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
    O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    End of file - 11837 bytes
  • Hello Eline, if Lavasoft Ad-Aware is listed under "Control Panel\Programs and Features", then uninstall that program!

    By clicking "JA\Yes" you did the right thing!


    After that you can do the following:

    Close all open browser windows except this one, which you close just before the moment you click the Fix checked button!


    Now start HijackThis with administrator rights via right-click and click the button Do a Scan only,

    R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
    O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (no file)
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)

    - Tick the line(s) that correspond to the lines above.
    - Now close the web browser and then click the Fix checked button.
    - After that, close HijackThis.

    Note: the Ashampoo toolbar is related to Conduit.
    That is trackingware, intended to serve you targeted advertising at a later stage!


    Once you have done the above, do the following:

    Which program: Malwarebytes MBAM
    What for/why: specialised scanner to quickly check Windows for spyware and malware and remove them.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Download.com
    - Softpedia.com
    - Majorgeeks.com
    First of all:
    - Right after installation, 'MBAM' will want to update its database, so allow it.
    - Also on repeated use: first update 'MBAM' via the 'Update' tab!
    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.

    Scanning:
    - When 'MBAM' starts, choose 'Quick scan'.
    - Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results button at the bottom right.
    - Now make sure all infections found are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to restart.
    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.
    Then post the contents of the MBAM log in your next message.


    Finally, use the tool below:

    Which program: TFC.
    What for/why: thorough cleaning of Windows.
    Difficulty: none.

    Download TFC to your desktop (click)

    Starting TFC:
    Windows 2000 and Windows XP: start TFC.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start TFC.exe by right-clicking the shortcut and then choosing "Run as administrator".
    - Don't be alarmed: the tool closes all running programs, so make sure your work has already been saved!
    - Then click the Start button to start the scan. This scan may take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
    - When TFC is finished, a message appears that the computer will be restarted.
    - If the shutdown does not happen automatically, restart the computer yourself.
    - Note: TFC does not show a log!
    In summary: afterwards, post the contents of the following logs:
    - a new HijackThis log
    - MBAM scan log
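
The check behind the request for a new HijackThis log, as an added example that is not part of the original post: it compares the log taken before "Fix checked" with the one taken afterwards, confirms that every entry on the fix list is gone, and lists entries that still point to a missing file. The log lines are excerpts from the two HijackThis logs in this thread; the function names are hypothetical.

```python
import re
from typing import NamedTuple

# A HijackThis entry line looks like "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis marks entries whose target file is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")


class Entry(NamedTuple):
    section: str  # e.g. "R3", "O2", "O23"
    body: str     # everything after "Ox - "

    @property
    def key(self):
        # Case- and whitespace-insensitive identity for comparing two logs.
        return (self.section, " ".join(self.body.split()).lower())

    @property
    def orphaned(self):
        return bool(ORPHAN_RE.search(self.body))


def parse_log(text):
    """Return the entry lines of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def verify_fix(before_text, after_text, fix_text):
    """Classify every entry on the fix list by what happened to it between the two logs."""
    before = {e.key for e in parse_log(before_text)}
    after = {e.key for e in parse_log(after_text)}
    report = {"removed": [], "still_present": [], "not_in_before": []}
    for e in parse_log(fix_text):
        if e.key not in before:
            report["not_in_before"].append(e)   # typo in the fix list, or wrong log
        elif e.key in after:
            report["still_present"].append(e)   # fix did not take, or entry came back
        else:
            report["removed"].append(e)
    return report


def remaining_orphans(after_text):
    """Entries in the follow-up log that still reference a missing file."""
    return [e for e in parse_log(after_text) if e.orphaned]


# Excerpt of the log saved on 3-5-2011 (before the fix).
BEFORE = r"""
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file)
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file)
"""

# Excerpt of the log saved on 4-5-2011 (after the fix).
AFTER = r"""
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file)
"""

# Excerpt of the lines the helper asked to tick before "Fix checked".
FIX_LIST = r"""
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file)
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIX_LIST)
    for status, entries in report.items():
        print(f"{status}: {len(entries)}")
        for e in entries:
            print(f"  {e.section} - {e.body}")
    print("orphaned entries left in the follow-up log:")
    for e in remaining_orphans(AFTER):
        print(f"  {e.section} - {e.body}")
```

An entry flagged as orphaned only means its target file is missing; whether to remove it remains a judgement call for whoever reviews the log.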
  • Here it is again:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6503

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19048

    4-5-2011 12:51:55
    mbam-log-2011-05-04 (12-51-55).txt

    Scantype: Snelle scan
    Objecten gescand: 159993
    Verstreken tijd: 5 minuut/minuten, 43 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:12:25, on 4-5-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19048)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Mouse Driver\StartAutorun.exe
    C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
    C:\Program Files\Mouse Driver\KMConfig.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Mouse Driver\KMProcess.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file)
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Common Toolkit Tools - Unknown owner - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (file missing)
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
    O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    End of file - 10809 bytes


    By the way, I could not find Lavasoft AdAware in Control Panel\Programs.
    Which malware programs do you recommend I use/remove?
  • Hi Eline, with Avast 6 you have the number 1 free antivirus software on your Windows.
    You also already have SAS; you may switch off its active components, because Avast also has an excellent active spyware scanner!

    Now you also have MBAM.

    If you now update both MBAM and SAS every week and then let both run a quick scan one after the other, that should be sufficient!

    And also do the following:

    Run the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Click "Advanced settings"
    - Tick the following options:
        - Remove found threats
        - Scan archives
        - Scan for potentially unwanted applications
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology
    - Click Start
    - The computer is now being scanned. This can take quite a long time, so be patient.
    - You may close the window when the scan is finished.
    - Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
    - Copy and paste the contents of this log into your next post.
    N.B.: temporarily deactivate your own antivirus during the scan; the online scan is then faster!

    Tip: if need be, you can run this online scan once a month or once every two months as an extra scan!
  • Well, that took a long time!

    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    Can not read file from internet.ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=1
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=bd78859cd2322544b96becdbc1bc2041
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-05-04 09:38:37
    # local_time=2011-05-04 11:38:37 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1043
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 72364 72364 0 0
    # compatibility_mode=5892 16776637 100 100 79444 142055784 0 0
    # compatibility_mode=8192 67108863 100 0 11274 11274 0 0
    # scanned=188161
    # found=18
    # cleaned=18
    # scan_time=22061
    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Users\Annelie\AppData\Local\VirtualStore\Program Files\Loaris\Trojan Remover\ltr.exe.Original een variant van Win32/1AntiVirus programma (opgeschoond door te verwijderen - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Users\Annelie\AppData\Roaming\OpenCandy\OpenCandy_CFF0AF8B013D4EFA8048DB6C344AD805\registrybooster11.exe een variant van Win32/RegistryBooster programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Users\Annelie\AppData\Roaming\OpenCandy\OpenCandy_CFF0AF8B013D4EFA8048DB6C344AD805\registrybooster11Wrapped.exe een variant van Win32/RegistryBooster programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Users\Annelie\AppData\Roaming\Uniblue\PowerSuite\_temp\ub.exe meerdere bedreigingen (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Users\Annelie\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Users\Annelie\Downloads\registrybooster.exe een variant van Win32/RegistryBooster programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C
    C:\Users\Annelie\Downloads\speedupmypc.exe Win32/SpeedUpMyPC programma (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C
    E:\bestanden sims 3\The Sims 3\The Sims 3 - Razor1911\The Sims 3 - Razor1911.iso waarschijnlijk een variant van Win32/Hupigon.CJKIBCX trojaans paard (verwijderd - in quarantaine geplaatst) 00000000000000000000000000000000 C
  • Hi Eline, a quick word about registry tools.

    The registry tool that takes your registry in hand and thereby makes Windows faster still has to be invented!

    The problem is always that registry tools clean up the Windows registry too much, which damages Windows.
    So do not use them.
    All NTFS versions of Windows load only the required DLLs from the registry!

    Go ahead and post a new HijackThis log!
  • Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:05:16, on 5-5-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19048)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Mouse Driver\StartAutorun.exe
    C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Mouse Driver\KMConfig.exe
    C:\Program Files\Mouse Driver\KMProcess.exe
    C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Annelie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: AVG Security Toolbar Service - AVAST Software - (no file)
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Common Toolkit Tools - Unknown owner - C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (file missing)
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
    O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Users\Annelie\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    End of file - 10296 bytes
  • Hi Eline, that looks good.

    Do the following: post an Uninstall list:
    - start HijackThis,
    - click the Open the Misc Tools section button,
    - click the Open Uninstall Manager button,
    - click the Save button.

This is an archived page. Replies are no longer possible.