Windows Explorer strange behaviour

01-03-2011, 12:07
Post: #1

Windows Explorer strange behaviour
These are the symptoms, and I have no idea how to get rid of this:
- Deleting an item on the desktop: it goes away, but the "move to Recycle Bin" dialog stays on the screen and does not go away. Only via Task Manager, 'End Task'. I then get the error message "Windows Explorer is not responding and will be closed", "Searching for a solution", "Explorer is restarting", and only then is the dialog gone.
- Renaming a file in Explorer does not work directly. Explorer hangs and has to be closed via Task Manager. After restarting, the name has been changed.
- Deleting a file in Explorer works, but with the same problem as in the first point.
- The screen saver never kicks in, not even when it is set up again each time.
- Now the computer already starts up with one of those "Cancel" dialogs, which we can only get rid of via Task Manager.
I have already run several scans; the threats they report can be fixed with a number of updates, but the core of our problem is never addressed. Hopefully someone can help us with this.
Greetings and thanks in advance,
Michael.

01-03-2011, 16:09
Post: #2

RE: Windows Explorer strange behaviour
It looks like your Explorer.exe is constantly crashing..
Please do the following..
* Download DDS and save it to your desktop.
Disable programs that block scripts, such as your antivirus.
Double-click dds.scr to start the tool.
After that, DDS.txt will open.
Click Yes for the Optional Scan.
This will create the file Attach.txt.
Copy and paste both logs into your next post.
It is better to make two posts for this, since both logs will not fit in one post.

Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
Antispyware Scanners --- Antivirus Scanners --- Firewalls --- Online Scanners --- Prevention --- Help! My computer is slow! --- My Blog --- Follow me on Twitter.

01-03-2011, 18:15
Post: #3

RE: Windows Explorer strange behaviour
(01-03-2011 16:09) miekiemoes wrote: It looks like your Explorer.exe is constantly crashing..

01-03-2011, 18:16
Post: #4

RE: Windows Explorer strange behaviour
(01-03-2011 16:09) miekiemoes wrote: It looks like your Explorer.exe is constantly crashing..

01-03-2011, 18:34
Post: #5

RE: Windows Explorer strange behaviour
Hi,
You quoted my previous post twice. Put your message in the "quick reply" field at the bottom, then click "post reply" instead of the "reply button".
That will make it a bit easier...

01-03-2011, 18:42
Post: #6

RE: Windows Explorer strange behaviour
OK, new attempt: DDS.txt
DDS (Ver_10-12-12.02) - NTFSx86 Run by Michael at 17:08:40,32 on di 01/03/2011 Internet Explorer: 8.0.6001.19019 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3325.1810 [GMT 1:00] AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\FsUsbExService.Exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\system32\IoctlSvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\PSIService.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage 
Manager\IAAnotif.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Windows\ehome\ehtray.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Mail\WinMail.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Michael\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.nieuwsblad.be/index.html uDefault_Page_URL = hxxp://www.aldi.com/ uSearch Bar = hxxp://www.google.com/ie mDefault_Page_URL = hxxp://www.aldi.com/ uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s uURLSearchHooks: H - No File uURLSearchHooks: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - 
c:\program files\bittorrentbar_nl\tbBit1.dll mURLSearchHooks: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - c:\program files\bittorrentbar_nl\tbBit1.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - c:\program files\bittorrentbar_nl\tbBit1.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - c:\program files\bittorrentbar_nl\tbBit1.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File TB: {00000000-0000-0000-0000-000000000000} - No File uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [swg] "c:\program 
files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_ActiveX.exe -update activex mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [Skytel] Skytel.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe GE mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe" mRun: [NPSStartup] mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRunOnce: [SymInstallStub] c:\windows\system32\macromed\shockwave 10\syminstallstub.exe /partnerid=adobe /productlist=nss /staging=false /debug /delay=5 /tasktries=2 /tasktries=1 /tasktries=1 /tasktries=1 /tasktries=1 /tasktries=1 /tasktries=1 /tasktries=1 /tasktries=1 /tasktries=1 /tasktries=1 dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program 
files\mcafee security scan\2.0.181\SSScheduler.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.extrafilm.be/ImageUploader5.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: klogon - c:\windows\system32\klogon.dll AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll ============= SERVICES / DRIVERS =============== R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-1-24 233472] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-1-24 36608] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2008-10-13 645120] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2008-10-22 13976] S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [?] S2 AVP;Kaspersky Anti-Virus-service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r --> c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664] S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [?] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-30 30192] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 NxpCap;CTX capture service;c:\windows\system32\drivers\NxpCap.sys [2008-10-21 1332576] S3 SMA_USBBus;SMA USB Serial Converter;c:\windows\system32\drivers\FTD2XX.sys [2010-2-17 29292] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-1-24 90112] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-1-24 14976] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-1-24 121856] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] =============== Created Last 30 ================ 2011-03-01 06:06:30 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{87f740e2-b177-47b1-8910-ee6e768b93e3}\mpengine.dll 2011-02-27 18:13:02 -------- d-----w- c:\program files\NortonInstaller 2011-02-26 17:52:05 -------- d-----w- c:\progra~2\Symantec 2011-02-26 17:52:05 -------- d-----w- c:\progra~2\Norton 2011-02-26 17:52:04 -------- d-----w- c:\progra~2\NortonInstaller 2011-02-06 13:25:42 -------- d-----w- c:\users\michael\appdata\roaming\AVS4YOU 
2011-02-06 13:25:42 -------- d-----w- c:\progra~2\AVS4YOU 2011-02-06 13:24:15 -------- d-----w- c:\program files\common files\AVSMedia 2011-02-06 13:23:44 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2011-02-06 13:23:44 -------- d-----w- c:\program files\AVS4YOU ==================== Find3M ==================== 2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-27 16:57:21 894616 ----a-w- c:\windows\dbplugin.exe 2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll 
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll 2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys 2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec 2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe ============= FINISH: 17:09:01,03 =============== |

01-03-2011, 18:43
Post: #7

RE: Windows Explorer strange behaviour
and here is the attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 30/11/2008 13:30:34 System Uptime: 1/03/2011 16:02:54 (1 hours ago) Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7502 Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2331/333mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 901 GiB total, 358,251 GiB free. D: is FIXED (FAT32) - 30 GiB total, 19,695 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable ==== Disabled Device Manager Items ============= Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0005 Manufacturer: Microsoft Name: Microsoft 6to4 Adapter #2 PNP Device ID: ROOT\*6TO4MP\0005 Service: tunnel ==== System Restore Points =================== RP799: 10/02/2011 6:44:09 - Windows Update RP800: 11/02/2011 7:10:42 - Windows Update RP801: 16/02/2011 6:44:35 - Windows Update RP802: 18/02/2011 6:39:50 - Windows Update RP803: 22/02/2011 6:47:25 - Windows Update RP804: 24/02/2011 7:27:29 - Installed Java 6 Update 24 RP805: 24/02/2011 15:17:39 - Windows Update RP806: 25/02/2011 6:55:32 - Windows Update RP807: 1/03/2011 7:05:48 - Windows Update ==== Installed Programs ====================== Activation Assistant for the 2007 Microsoft Office suites Adobe Digital Editions Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.2 - Nederlands Adobe Shockwave Player 11.5 AJCompressCopy Ask Toolbar Audacity 1.2.6 AVS Screen Capture version 2.0.1 AVS Update Manager 1.0 AVS Video Recorder 2.4 AVS Video ReMaker 4.0.2.126 AVS4YOU Software Navigator 1.4 Belgium e-ID middleware 3.5.3 (build 6295) BitTorrent BittorrentBar_NL Toolbar Compatibiliteitspakket voor het 2007 Microsoft Office system Conduit Engine Corel MediaOne CorelDRAW Essential Edition 3 CyberLink MediaShow CyberLink 
PhotoNow CyberLink PowerDirector CyberLink PowerDVD CyberLink PowerProducer Google Desktop Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Matrix Storage Manager Intel® Network Connections 13.2.8.0 Japanese Fonts Support For Adobe Reader 9 Java Auto Updater Java DB 10.5.3.0 Java 6 Update 20 Java 6 Update 24 Java 6 Update 7 Java SE Development Kit 6 Update 18 Java SE Development Kit 6 Update 22 Kaspersky Anti-Virus 2011 LADSPA_plugins-win-0.4.15 LAME v3.98.2 for Audacity McAfee Security Scan Plus MCE Software Encoder 1.1 Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office PowerPoint Viewer 2007 (Dutch) Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Works MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 8 Essentials neroxml NL NVIDIA Display Control Panel NVIDIA Drivers NVIDIA PhysX v8.09.19 Off-linediensten van Home'Bank Off-linediensten van Home'Bank 4.53 OGA Notifier 2.0.0048.0 OpenOffice.org 3.2 PC Connectivity Solution Picasa 2 PVSonyDll Ralink RT2870 Wireless LAN Card Realtek High Definition Audio Driver SAMSUNG Mobile Composite Device Software Samsung Mobile Modem Device Software SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung New PC Studio SAMSUNG USB Mobile Device Software SamsungConnectivityCableDriver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) SMA USB Bus Direct Driver Spelling Dictionaries Support For Adobe Reader 9 Sunny Data Control Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Timez Attack TomTom 
HOME 2.7.5.2014 TomTom HOME Visual Studio Merge Modules Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update Manager VCRedistSetup Windows-stuurprogrammapakket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Windows 7 Upgrade Advisor WinRAR X10 Hardware ==== End Of File =========================== |

01-03-2011, 20:35
(This post was last edited on 01-03-2011 at 20:35 by miekiemoes.)
Post: #8

RE: Windows Explorer strange behaviour
Hi,
First of all, uninstall the following programs:
Ask Toolbar
BittorrentBar_NL Toolbar
Conduit Engine
because these are not recommended. Then restart your PC.
After that, uninstall your Kaspersky, because it looks like it is not installed correctly and may therefore be causing problems. Do not reinstall it yet, because I first want to check how everything works without Kaspersky for now.
After uninstalling the above, restart the PC again and post a HijackThis log instead, because via HijackThis we can remove registry leftovers more easily.
By the way, can you explain this in your log?
2011-02-27 18:13:02 -------- d-----w- c:\program files\NortonInstaller
2011-02-26 17:52:05 -------- d-----w- c:\progra~2\Symantec
2011-02-26 17:52:05 -------- d-----w- c:\progra~2\Norton
2011-02-26 17:52:04 -------- d-----w- c:\progra~2\NortonInstaller
Apparently Norton was also installed in between, but I do not see it active in your log, so I assume it has already been uninstalled again?
Never install more than 1 antivirus, because that way you cause problems anyway.
Since when exactly has the problem existed?
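
An added example (not part of the thread, and not the helper's own tooling) of how the points raised in this post can be pulled out of a DDS log automatically: security-product state, the toolbars named for removal, "No File" leftovers, services that DDS printed with `[?]` in place of a date and size, and recently created folders from an antivirus vendor that is not the registered one. The match tokens and vendor keywords are assumptions, and the sample is excerpted from the DDS.txt posted above, laid out one entry per line.

```python
import re

# Constructed sample: entries copied from the DDS.txt posted in this thread,
# one entry per line (assumed to be the layout DDS writes to disk).
SAMPLE_DDS = r"""
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Pseudo HJT Report ===============
uURLSearchHooks: H - No File
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - c:\program files\bittorrentbar_nl\tbBit1.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
============= SERVICES / DRIVERS ===============
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
S2 AVP;Kaspersky Anti-Virus-service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r --> c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r [?]
=============== Created Last 30 ================
2011-02-27 18:13:02 -------- d-----w- c:\program files\NortonInstaller
2011-02-26 17:52:05 -------- d-----w- c:\progra~2\Symantec
2011-02-06 13:24:15 -------- d-----w- c:\program files\common files\AVSMedia
==================== Find3M ====================
"""

# Assumed match tokens for the three programs named in the post above.
UNWANTED_TOKENS = ("ask.com", "bittorrentbar", "conduit")
# Assumed keyword list for spotting antivirus vendors in folder names.
AV_VENDOR_TOKENS = ("norton", "symantec", "kaspersky", "mcafee")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PRODUCT_RE = re.compile(r"^(AV|SP): (.+?) \*(\w+)/(\w+)\*")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+\S+\s+(.+)$")


def split_sections(text):
    """Group log lines under the '==== Name ====' banner that precedes them."""
    sections, current = {"Header": []}, "Header"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text, unwanted=UNWANTED_TOKENS, vendors=AV_VENDOR_TOKENS):
    """Return the log entries a reviewer would want to look at first."""
    s = split_sections(text)
    # (kind, product name, Enabled/Disabled) for each registered product.
    products = [m.group(1, 2, 3) for m in map(PRODUCT_RE.match, s["Header"]) if m]
    registered = " ".join(n.lower() for kind, n, _ in products if kind == "AV")
    hjt = s.get("Pseudo HJT Report", [])
    created = [m.group(1)
               for m in map(CREATED_RE.match, s.get("Created Last 30", [])) if m]
    return {
        "products": products,
        # Browser add-ons matching the programs listed for uninstall.
        "unwanted": [l for l in hjt if any(t in l.lower() for t in unwanted)],
        # Registry entries whose target file no longer exists.
        "orphans": [l for l in hjt if l.endswith("No File")],
        # Services for which DDS printed [?] instead of date and size.
        "unverified_services": [
            l.split(";", 1)[0].split()[-1]
            for l in s.get("SERVICES / DRIVERS", []) if l.endswith("[?]")
        ],
        # Recent folders naming an AV vendor other than the registered one.
        "other_av_traces": [
            p for p in created
            if any(v in p.lower() and v not in registered for v in vendors)
        ],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}:")
        for item in value:
            print("   ", item)
```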

01-03-2011, 21:29
Post: #9

RE: Windows Explorer strange behaviour
I have done the above. Only the ASK TOOLBAR I cannot find to uninstall.
The Hijack is running, but I see nothing of it; it is probably running in the background.
As for that Norton, I always try to avoid it, but it gets installed automatically with the Adobe updates.
We have actually had the problem for several months already. That the screen saver does not kick in we did not mind, but now, over the last two months, that thing with Internet Explorer became more and more annoying.

01-03-2011, 21:31
Post: #10

RE: Windows Explorer strange behaviour
Hmm, HijackThis does not really run in the background. Most likely you used something wrong.
* Download HijackThis: http://free.antivirus.com/hijackthis/ and install it.
By default HijackThis will be installed in the Program Files\Trendmicro folder and a shortcut will be placed on your desktop.
HijackThis will open after installation.
Click the Scan button at the bottom. This will start the scan and open a log.
Copy and paste this log into your next post.
Have you also removed Kaspersky in the meantime?

01-03-2011, 21:38
Post: #11

RE: Windows Explorer strange behaviour
I am just downloading it.
I have also removed Kaspersky, and then started the computer.
I have just installed Hijack via your link and done everything as told, but I see nothing of an opened program. In Task Manager I do see it listed under processes. Strange.
I am now going to restart the computer and will be right back on the forum.

01-03-2011, 21:51
Post: #12

RE: Windows Explorer strange behaviour
I cannot run a scan with Hijack.
I start the program but I see nothing appear.
I have to shut down the PC now because of other obligations. Thanks in advance and see you later.

01-03-2011, 22:26
Post: #13

RE: Windows Explorer strange behaviour
Strange..
Do something else instead..
* Visit the following page with the instructions for downloading and using Combofix.
http://www.bleepingcomputer.com/combofix...-te-worden
Then post the Combofix log in your next post.
Extra note...
Make sure your security software is disabled (antivirus, firewall, antispyware) while using Combofix. This is because these scanners will wrongly see certain components that Combofix uses as infected (for example Prep.com) and will block Combofix.
Click this link if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

03-03-2011, 16:10
Post: #14

RE: Windows Explorer strange behaviour
Hey, that Combofix worked; here is the log.
ComboFix 11-03-02.05 - Michael 03/03/2011 14:47:56.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3325.2333 [GMT 1:00] Gestart vanuit: c:\users\Michael\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((( Bestanden Gemaakt van 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))) . 2011-03-03 13:53 . 2011-03-03 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-03 12:13 . 2011-03-03 12:13 388096 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-03-03 12:13 . 2011-03-03 12:13 -------- d-----w- c:\program files\Trend Micro 2011-03-01 19:55 . 2011-03-01 19:55 97859 ----a-w- c:\windows\system32\drivers\klick.dat 2011-03-01 19:55 . 2011-03-01 19:55 114243 ----a-w- c:\windows\system32\drivers\klin.dat 2011-03-01 19:53 . 2011-03-01 19:53 -------- d-----w- c:\program files\Kaspersky Lab 2011-02-27 18:13 . 2011-02-27 18:13 -------- d-----w- c:\program files\NortonInstaller 2011-02-06 13:25 . 2011-02-06 13:25 -------- d-----w- c:\users\Michael\AppData\Roaming\AVS4YOU 2011-02-06 13:24 . 2011-02-06 13:25 -------- d-----w- c:\program files\Common Files\AVSMedia 2011-02-06 13:23 . 2011-02-06 13:25 -------- d-----w- c:\program files\AVS4YOU 2011-02-06 13:23 . 2010-08-11 12:06 1700352 ----a-w- c:\windows\system32\GdiPlus.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 20:40 . 2010-05-27 10:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 16:11 . 2009-10-03 10:03 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-27 16:57 . 2011-01-27 16:57 894616 ----a-w- c:\windows\dbplugin.exe 2010-12-28 15:55 . 
2011-01-12 05:53 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-14 14:49 . 2011-01-12 05:53 1169408 ----a-w- c:\windows\system32\sdclt.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-30 39408] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424] 
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712] "RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760] "Skytel"="Skytel.exe" [2008-09-09 1833504] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192] "Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-05-31 2060288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-02 365336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SymInstallStub"="c:\windows\System32\Macromed\Shockwave 10\syminstallstub.exe" [2011-02-26 292216] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe 
[x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-31 30192] R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2008-09-25 1332576] R3 SMA_USBBus;SMA USB Serial Converter;c:\windows\system32\DRIVERS\FTD2XX.sys [2004-10-15 29292] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-08-21 645120] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:17] 2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:17] 2011-03-03 c:\windows\Tasks\User_Feed_Synchronization-{8185107D-8E80-4CA7-BAAB-B3D491F145A3}.job - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nieuwsblad.be/index.html uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab . - - - - ORPHANS VERWIJDERD - - - - URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) URLSearchHooks-{2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file) HKLM-Run-NPSStartup - (no file) AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-03 15:00 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
c:\users\Michael\AppData\Local\Temp\catchme.dll 53248 bytes executable Scan succesvol afgerond verborgen bestanden: 1 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-03-03 15:07:29 ComboFix-quarantined-files.txt 2011-03-03 14:07 Pre-Run: 363.699.093.504 bytes beschikbaar Post-Run: 368.049.520.640 bytes beschikbaar - - End Of File - - A70DC961FEE5D4369734402AE7BEDE10 |
03-03-2011, 16:26
Post: #15
RE: Windows Explorer strange behaviour
Hi,
I see Kaspersky is still installed. Could you uninstall it as requested earlier and then restart your PC? Also, have another look for the Ask Toolbar so you can uninstall it, because it should be listed in your Add/Remove Programs list as well.
03-03-2011, 18:06
Post: #16
RE: Windows Explorer strange behaviour
OK, I have uninstalled Kaspersky and hope I have removed that Ask toolbar.
Here is a new attempt. The log:
ComboFix 11-03-02.05 - Michael 03/03/2011 16:58:33.2.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3325.2337 [GMT 1:00] Gestart vanuit: c:\users\Michael\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((( Bestanden Gemaakt van 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))) . 2011-03-03 16:03 . 2011-03-03 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-03 12:13 . 2011-03-03 12:13 388096 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-03-03 12:13 . 2011-03-03 12:13 -------- d-----w- c:\program files\Trend Micro 2011-02-27 18:13 . 2011-02-27 18:13 -------- d-----w- c:\program files\NortonInstaller 2011-02-06 13:25 . 2011-02-06 13:25 -------- d-----w- c:\users\Michael\AppData\Roaming\AVS4YOU 2011-02-06 13:24 . 2011-02-06 13:25 -------- d-----w- c:\program files\Common Files\AVSMedia 2011-02-06 13:23 . 2011-02-06 13:25 -------- d-----w- c:\program files\AVS4YOU 2011-02-06 13:23 . 2010-08-11 12:06 1700352 ----a-w- c:\windows\system32\GdiPlus.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 20:40 . 2010-05-27 10:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 16:11 . 2009-10-03 10:03 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-27 16:57 . 2011-01-27 16:57 894616 ----a-w- c:\windows\dbplugin.exe 2010-12-28 15:55 . 2011-01-12 05:53 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-14 14:49 . 2011-01-12 05:53 1169408 ----a-w- c:\windows\system32\sdclt.exe . ((((((((((((((((((((((((((((( SnapShot@2011-03-03_14.00.44 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 01:58 . 2011-03-03 15:56 62382 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-11-30 12:42 . 
2011-03-03 15:56 11784 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208140175-554303096-695495240-1000_UserData.bin - 2008-11-30 12:42 . 2011-03-03 13:42 11784 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4208140175-554303096-695495240-1000_UserData.bin - 2008-11-30 12:36 . 2011-03-03 13:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-11-30 12:36 . 2011-03-03 14:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-11-30 12:36 . 2011-03-03 13:41 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-11-30 12:36 . 2011-03-03 14:51 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-11-30 12:36 . 2011-03-03 14:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-11-30 12:36 . 2011-03-03 13:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-08-30 18:52 . 2011-03-03 15:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-08-30 18:52 . 2011-03-02 11:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-08-30 18:52 . 2011-03-03 15:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-08-30 18:52 . 2011-03-02 11:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-08-30 18:52 . 2011-03-02 11:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-08-30 18:52 . 
2011-03-03 15:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-11-18 10:00 . 2011-03-03 05:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-11-18 10:00 . 2011-03-03 15:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-11-18 10:00 . 2011-03-03 15:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-11-18 10:00 . 2011-03-03 05:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2006-11-02 10:25 . 2011-03-03 15:38 51200 c:\windows\inf\infpub.dat - 2006-11-02 10:25 . 2011-03-01 19:54 51200 c:\windows\inf\infpub.dat - 2011-03-03 13:40 . 2011-03-03 13:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-03-03 15:54 . 2011-03-03 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-03-03 13:40 . 2011-03-03 13:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-03-03 15:54 . 2011-03-03 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 13:05 . 2011-03-03 15:56 109208 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2011-02-10 12:57 . 2011-03-03 13:39 344848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-02-10 12:57 . 2011-03-03 15:53 344848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2006-11-02 10:25 . 2011-03-01 19:54 143360 c:\windows\inf\infstrng.dat + 2006-11-02 10:25 . 2011-03-03 15:38 143360 c:\windows\inf\infstrng.dat - 2006-11-02 10:25 . 2011-03-01 19:54 143360 c:\windows\inf\infstor.dat + 2006-11-02 10:25 . 2011-03-03 15:38 143360 c:\windows\inf\infstor.dat . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-30 39408] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712] "RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760] "Skytel"="Skytel.exe" [2008-09-09 1833504] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192] "Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-05-31 2060288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SymInstallStub"="c:\windows\System32\Macromed\Shockwave 
10\syminstallstub.exe" [2011-02-26 292216] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-31 30192] R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2008-09-25 1332576] R3 SMA_USBBus;SMA USB Serial Converter;c:\windows\system32\DRIVERS\FTD2XX.sys [2004-10-15 29292] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 
2\TomTomHOMEService.exe [2010-06-24 92008] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-08-21 645120] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - FSUSBEXDISK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:17] 2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:17] 2011-03-03 c:\windows\Tasks\User_Feed_Synchronization-{8185107D-8E80-4CA7-BAAB-B3D491F145A3}.job - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nieuwsblad.be/index.html uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab . 
- - - - ORPHANS VERWIJDERD - - - - BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-03 17:03 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-03-03 17:05:13 ComboFix-quarantined-files.txt 2011-03-03 16:05 ComboFix2.txt 2011-03-03 14:07 Pre-Run: 368.152.727.552 bytes beschikbaar Post-Run: 368.120.131.584 bytes beschikbaar - - End Of File - - F68129A17A2FBEA8DB2095812C39895E |
03-03-2011, 19:09
Post: #17
RE: Windows Explorer strange behaviour
Are there still problems now, after you uninstalled Kaspersky?
03-03-2011, 19:45
Post: #18
RE: Windows Explorer strange behaviour
Yep, the problems remain; I actually don't see any change at all.
Strange
03-03-2011, 19:56
Post: #19
RE: Windows Explorer strange behaviour
OK, then we need to keep looking. In the meantime the main potential cause has been removed (Kaspersky). You can reinstall it afterwards.
Also uninstall Google Desktop, because it has set an AppInit_DLLs value as well. Then restart your PC. If there is still no change, we will have a look at the shell extensions afterwards.
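Added example, not part of the original thread and not ComboFix's own code: the post above points at AppInit_DLLs entries as a possible cause, since every DLL listed there is loaded into each process that loads user32.dll, Explorer included. The sketch below reads that value out of excerpts of the two ComboFix logs posted in this thread (re-broken onto one registry value per line) and shows what changed between the runs; the function names are hypothetical.

```python
import re

# Key under which ComboFix reports the AppInit_DLLs value (32-bit view, as in this thread).
APPINIT_KEY = r"software\microsoft\windows nt\currentversion\windows"

# Excerpt of the first log in the thread (run started 14:47), one value per line.
LOG_RUN_1 = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
'''

# Excerpt of the second log (run started 16:58, after Kaspersky was uninstalled).
LOG_RUN_2 = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
'''


def parse_appinit_dlls(log_text):
    """Return the DLL paths listed in AppInit_DLLs, lower-cased, in log order.

    Only a value found under the ...\\Windows NT\\CurrentVersion\\Windows key
    counts; a log without that value yields an empty list.
    """
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        match = re.match(r'"AppInit_DLLs"\s*=\s*(.*)$', line, re.IGNORECASE)
        if match and current_key.endswith(APPINIT_KEY):
            # The value is a space- or comma-separated list of DLL paths.
            parts = re.split(r"[ ,]+", match.group(1))
            return [p.strip('"').lower() for p in parts if p.strip('"')]
    return []


def compare_runs(before_log, after_log):
    """Classify AppInit_DLLs entries as removed, remaining or added between two logs."""
    before = parse_appinit_dlls(before_log)
    after = parse_appinit_dlls(after_log)
    return {
        "removed": [d for d in before if d not in after],
        "remaining": [d for d in after if d in before],
        "added": [d for d in after if d not in before],
    }


if __name__ == "__main__":
    for state, dlls in compare_runs(LOG_RUN_1, LOG_RUN_2).items():
        print(f"{state}: {dlls}")
```

The Google Desktop DLL still listed as remaining in the second run is the entry the post asks to remove next.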
03-03-2011, 20:10
Post: #20
RE: Windows Explorer strange behaviour
No, no improvement at all to be seen.