Who wants to check my HijackThis log regarding performance?

8 answers
  • My PC is suffering from performance problems. The CPU is heavily loaded. I ran Iobit Malware as well as CCleaner and FixRegCleaner. I defragmented the disk. After that I ran this HijackThis scan. Does anyone have suggestions for improvement?
  • Hello PSL, you write "I ran Iobit Malware as well as CCleaner and FixRegCleaner". Did FixRegCleaner also make backups of what the tool removed? If so, restore the backups. Because this tool is completely unreliable, and Iobit Malware does not even find 0.1% of what MBAM finds! A worthless tool, then. Advice: remove Iobit Malware and FixRegCleaner and never use them again. The use of registry cleaners is not recommended. You are more likely to end up with a slower Windows because of them. Also remove Advanced SystemCare 5; this tool, which came about by borrowing from Western software makers, conflicts with virtually every antivirus product. So that could also be an explanation for the high CPU load! N.B. Iobit is Chinese. We are going to do a deep scan right away:

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: Read everything carefully first because of the preparation phase.
    Download location: Be sure to download this program to the desktop!

    Download ComboFix via one of these locations:
      • Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      • ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      • Geekstogo: http://subs.geekstogo.com/ComboFix.exe

    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix. The antivirus program and any active malware scanners must already be deactivated before ComboFix starts! Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) or here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you can read how to do that.

    Remarks:
      • Once more for the sake of clarity: ComboFix must be started from the desktop.
      • On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for this).
      • Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
      • All open programs and web pages must be closed.

    ComboFix has started:
      • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      • It can happen that the computer has to be restarted several times; this is normal.
      • When ComboFix is finished, it will create a log file for you.
      • Post the contents of this log file in your next message.
      • If the log does not open, it can be found at C:\ComboFix.txt

    Important note:
      • If, after the scan, an error is shown when starting programs with the message:
      • Illegal operation attempted on a registry key that has been marked for deletion.
      • Then restart the computer.
  • Thanks for your reply. I will get to work on it this week. Probably this coming Friday. I have no time before then. Then I will let you know the results.
  • That's fine, I'll just wait for your next message.
  • Voilà:
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html Trusted Zone: microsoft.com\office Trusted Zone: planet.nl\www Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 88.159.1.200 88.159.1.201 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/int/EasyUpload/ImgUploader.cab DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE AddRemove-Easy-WebPrint - c:\windows\IsUn0413.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-18 20:34 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . 
Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1" . Voltooingstijd: 2012-07-18 20:38:10 ComboFix-quarantined-files.txt 2012-07-18 18:38 . Pre-Run: 38.939.303.936 bytes beschikbaar Post-Run: 39.131.312.128 bytes beschikbaar . - - End Of File - - BF1F15665FFBDA0991950ACF8612A376
  • What is the situation with the Iobit programs now? If you removed them the official way, a lot has still been left behind. Also check the list below of websites designated as trusted, to see whether it is all correct:
      Trusted Zone: microsoft.com\office
      Trusted Zone: planet.nl\www
      Trusted Zone: //about.htm/
      Trusted Zone: //Exclude.htm/
      Trusted Zone: //LanguageSelection.htm/
      Trusted Zone: //Message.htm/
      Trusted Zone: //MyAgttryCmd.htm/
      Trusted Zone: //MyAgttryNag.htm/
      Trusted Zone: //MyNotification.htm/
      Trusted Zone: //NOCLessUpdate.htm/
      Trusted Zone: //quarantine.htm/
      Trusted Zone: //ScanNow.htm/
      Trusted Zone: //strings.vbs/
      Trusted Zone: //Template.htm/
      Trusted Zone: //Update.htm/
      Trusted Zone: //VirFound.htm/
      Trusted Zone: mcafee.com\*
      Trusted Zone: mcafeeasap.com\betavscan
      Trusted Zone: mcafeeasap.com\vs
      Trusted Zone: mcafeeasap.com\www
  • Iobit: I have removed it in the meantime. I have also removed McAfee in the meantime, since Norton is installed. Where can I manage the trusted zone links?
  • Control Panel/Internet Options.
    Which program: Emsisoft Emergency Kit 1.0
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip)
    Remarks:
      • The download is compressed; unpack EmsisoftEmergencyKit.zip and place the new folder on the desktop.
      • All open programs and web pages must be closed.
    Start Emsisoft Emergency Kit by opening the folder "EmsisoftEmergencyKit":
      • Windows 2000 and Windows XP: double-click "Start.exe".
      • Windows Vista and Windows 7: right-click "Start.exe" and choose "Als Administrator uitvoeren" (Run as administrator).
    Scanning:
      • Now click "Emergency Kit Scanner" in the selection screen; the message then appears that it is recommended to update first. (image: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg)
      • Do so by clicking "Ja" (Yes).
      • When updating is finished, the message "Update proces is succesvol afgerond" (Update process completed successfully) follows.
      • Now click "Menu" and then "Scan PC".
      • Select the option "Diep" (Deep) if it is not already set that way by default.
      • Then click the "Scan" button.
          • Be patient and do nothing else with the computer during the scan, as the scan can take a considerable time.
      • The window with the warning about an increased risk can be closed when the scan is finished.
      • Make sure all found items are ticked and then click the "Verwijder geselecteerde" (Remove selected) button - the following message will then appear: (image: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg)
      • So then click "Ja" (Yes).
      • When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
      • Post the contents of that log file in your next message afterwards.
    Nota bene: Now restart the computer.
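The Trusted Zone list that the replies above ask to have checked can be pulled out of the flattened log and sorted for review. The following is an added example, not part of the original thread or of any tool named in it; the function names, the labels and the `removed_domains` input (domains of software the user says was uninstalled) are assumptions made for illustration.

```python
import re

# Constructed sample: part of the "Trusted Zone:" run from the log above,
# flattened onto one line as the forum shows it. The DNS address is a placeholder.
SAMPLE_LOG = (
    r"uInternet Settings,ProxyOverride = *.local "
    r"Trusted Zone: microsoft.com\office Trusted Zone: planet.nl\www "
    r"Trusted Zone: //about.htm/ Trusted Zone: //strings.vbs/ "
    r"Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\vs "
    r"TCP: DhcpNameServer = 192.0.2.1"
)

# The values in this log contain no whitespace, so each ends at the next space.
ENTRY_RE = re.compile(r"Trusted Zone:\s*(\S+)")
# Conservative host-name shape: dot-separated labels ending in a TLD.
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def parse_trusted_zones(log_text):
    """Return every 'Trusted Zone:' value in log order."""
    return ENTRY_RE.findall(log_text)


def classify(entry, removed_domains=frozenset()):
    """Label one entry; removed_domains is supplied by the reviewer."""
    domain, _, sub = entry.partition("\\")  # entries appear as domain\subdomain
    if not HOST_RE.match(domain):
        return "not-a-host"   # e.g. //about.htm/ : no site name, review by hand
    if domain.lower() in removed_domains:
        return "stale"        # belongs to software reported as uninstalled
    if sub == "*":
        return "wildcard"     # covers every subdomain of the domain
    return "host"


def review(log_text, removed_domains=frozenset()):
    """Group the log's Trusted Zone entries by label."""
    removed = {d.lower() for d in removed_domains}
    groups = {}
    for entry in parse_trusted_zones(log_text):
        groups.setdefault(classify(entry, removed), []).append(entry)
    return groups


if __name__ == "__main__":
    for label, entries in review(SAMPLE_LOG, {"mcafee.com", "mcafeeasap.com"}).items():
        print(label, entries)
```

The labels only sort the entries for a human reviewer; they say nothing about whether an entry is harmful.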

This is an archived page. Replies are no longer possible.