Hi bacobat,

Je log is eigenlijk wel aardig schoon!

Hoe bedoel je dit? Wat is IBIS? Zoals ik al zei is je log best wel schoon. Het enige wat ik kan bedenken waarom je iets niet gedeïnstalleerd krijgt is de O6-lijn in je log...

Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.
Er zitten beperkingen op het Configuratiescherm. Als jij of de systeembeheerder deze niet hebben opgegeven kruis dan het volgende onderdeel aan:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20a4e606...p/RdxIE601.cab

Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked". Herstart de computer en post een nieuwe log in deze thread.

Re: Ibis

Bobbi

Adaware scant IBIS Toobar, en deze krijg ik niet weg.
Wellicht niet schadelijk maar het komt iedere keer terug als ik scan.

Hieronder de log na verwijderen zoals aangegeven.

Logfile of HijackThis v1.99.0
Scan saved at 12:42:39, on 26-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\A!K Research Labs\NotesHolder\NotesHolder.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ben Kerkhoff\Bureaublad\Spyware\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ben Kerkhoff\Bureaublad\Spyware\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Startup: NotesHolder.lnk = C:\Program Files\A!K Research Labs\NotesHolder\NotesHolder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Alvast harstikke bedankt voor de tijd en moeite.

Baco

Hi bacobat,

Kan je een log plaatsen van AdAware? Je log is nl. schoon...

Re: IBIS toolbar

Bobbi,

Bij deze de log van adaware
Ik hoor het graag als je er meer van weet.


Ad-Aware SE Build 1.05
Logfile Created on:zondag 26 december 2004 21:26:51
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R22 13.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):4 total references
MRU List(TAC index:0):26 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26-12-2004 21:26:51 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 484
ThreadCreationTime : 26-12-2004 11:22:01
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 26-12-2004 11:22:05
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 26-12-2004 11:22:06
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 26-12-2004 11:22:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 26-12-2004 11:22:07
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 26-12-2004 11:22:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 844
ThreadCreationTime : 26-12-2004 11:22:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [smc.exe]
FilePath : C:\Program Files\Sygate\SPF\
ProcessID : 900
ThreadCreationTime : 26-12-2004 11:22:09
BasePriority : Normal
FileVersion : 5.5.00.2516
ProductVersion : 5.5.00.2516
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2003 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1024
ThreadCreationTime : 26-12-2004 11:22:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1092
ThreadCreationTime : 26-12-2004 11:22:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1180
ThreadCreationTime : 26-12-2004 11:22:15
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1204
ThreadCreationTime : 26-12-2004 11:22:15
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1356
ThreadCreationTime : 26-12-2004 11:22:16
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1604
ThreadCreationTime : 26-12-2004 11:22:19
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

#:15 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1696
ThreadCreationTime : 26-12-2004 11:22:23
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: (c) <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:16 [winpatrol.exe]
FilePath : C:\Program Files\BillP Studios\WinPatrol\
ProcessID : 1712
ThreadCreationTime : 26-12-2004 11:22:23
BasePriority : Normal
FileVersion : 8, 0, 1, 0
ProductVersion : 8.0.1.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2004 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:17 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1724
ThreadCreationTime : 26-12-2004 11:22:23
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:18 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1760
ThreadCreationTime : 26-12-2004 11:22:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : RUNDLL.EXE

#:19 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1768
ThreadCreationTime : 26-12-2004 11:22:23
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:20 [popups~1.exe]
FilePath : C:\PROGRA~1\PANICW~1\POP-UP~1\
ProcessID : 1792
ThreadCreationTime : 26-12-2004 11:22:24
BasePriority : Normal
FileVersion : 1, 60, 0, 1000
ProductVersion : 1, 0, 0, 1
ProductName : Pop-Up Stopper Professional
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Professional
InternalName : Pop-Up Stopper Professional
LegalCopyright : Copyright (C) 2002-2003
OriginalFilename : PopUpStopperPro.exe

#:21 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1836
ThreadCreationTime : 26-12-2004 11:22:25
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:22 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1844
ThreadCreationTime : 26-12-2004 11:22:25
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:23 [notesholder.exe]
FilePath : C:\Program Files\A!K Research Labs\NotesHolder\
ProcessID : 1888
ThreadCreationTime : 26-12-2004 11:22:26
BasePriority : Normal
FileVersion : 1.32.0.73
ProductVersion : 1.0.0.0
ProductName : NotesHolder
CompanyName : A!K Research Labs
InternalName : 1.30

#:24 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 492
ThreadCreationTime : 26-12-2004 11:22:33
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:25 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1436
ThreadCreationTime : 26-12-2004 11:22:49
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:26 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1484
ThreadCreationTime : 26-12-2004 11:22:49
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:27 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1520
ThreadCreationTime : 26-12-2004 11:22:50
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:28 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1532
ThreadCreationTime : 26-12-2004 11:22:50
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:29 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1916
ThreadCreationTime : 26-12-2004 11:22:50
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:30 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1992
ThreadCreationTime : 26-12-2004 11:22:51
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 2492
ThreadCreationTime : 26-12-2004 11:23:12
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:32 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3600
ThreadCreationTime : 26-12-2004 11:24:17
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : wuauclt.exe

#:33 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1684
ThreadCreationTime : 26-12-2004 20:24:56
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : IEXPLORE.EXE

#:34 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2780
ThreadCreationTime : 26-12-2004 20:25:51
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:35 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2140
ThreadCreationTime : 26-12-2004 20:26:09
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:36 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ProcessID : 2616
ThreadCreationTime : 26-12-2004 20:26:26
BasePriority : Normal


#:37 [opscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 3964
ThreadCreationTime : 26-12-2004 20:26:32
BasePriority : Normal
FileVersion : 10.0.2.610
ProductVersion : 10.0.2.610
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Out of Process Scan Server
InternalName : OPScan
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : OPScan.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 27


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Deep scanning and examining files (E
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Deep scanning and examining files (H
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
5255 entries scanned.
New critical objects:0
Objects found so far: 27




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 30

21:42:59 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:08.531
Objects scanned:156552
Objects identified:4
Objects ignored:0
New critical objects:4

Hi bacobat,

Er was nog een update geweest op 16 december

Start Kladblok, en kopieer en plak de tekst hieronder in een nieuw bestand. Sla dit op als fixme.reg op het bureaublad.

Zoek fixme.reg op het bureaublad en dubbelklik hierop.
Er wordt iets gevraagd in de trant van "Weet je zeker dat dit aan het register wil toevoegen?". Antwoord "Ja" en wacht op een boodschap lijkend op "Gegevens zijn toegevoegd".

Herstart je computer en scan hierna met AdAware. Zijn de meldingen weg?

Re: Ibis

Bobbi,

helaas scant adaware Ibis toolbar nog steeds,
na de toevoeging aan het register,
hieronder laatste log van adaware

Gr. Baco

Ad-Aware SE Build 1.05
Logfile Created on:maandag 27 december 2004 11:45:58
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R22 13.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):4 total references
MRU List(TAC index:0):26 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-12-2004 11:45:58 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 492
ThreadCreationTime : 27-12-2004 10:43:14
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 27-12-2004 10:43:19
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 27-12-2004 10:43:20
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 27-12-2004 10:43:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 27-12-2004 10:43:21
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 27-12-2004 10:43:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 844
ThreadCreationTime : 27-12-2004 10:43:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [smc.exe]
FilePath : C:\Program Files\Sygate\SPF\
ProcessID : 904
ThreadCreationTime : 27-12-2004 10:43:23
BasePriority : Normal
FileVersion : 5.5.00.2516
ProductVersion : 5.5.00.2516
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2003 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1028
ThreadCreationTime : 27-12-2004 10:43:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1056
ThreadCreationTime : 27-12-2004 10:43:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1176
ThreadCreationTime : 27-12-2004 10:43:28
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1200
ThreadCreationTime : 27-12-2004 10:43:28
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1356
ThreadCreationTime : 27-12-2004 10:43:29
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1608
ThreadCreationTime : 27-12-2004 10:43:34
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

#:15 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1696
ThreadCreationTime : 27-12-2004 10:43:38
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: (c) <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:16 [winpatrol.exe]
FilePath : C:\Program Files\BillP Studios\WinPatrol\
ProcessID : 1712
ThreadCreationTime : 27-12-2004 10:43:38
BasePriority : Normal
FileVersion : 8, 0, 1, 0
ProductVersion : 8.0.1.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2004 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:17 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1720
ThreadCreationTime : 27-12-2004 10:43:38
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:18 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1756
ThreadCreationTime : 27-12-2004 10:43:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : RUNDLL.EXE

#:19 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1768
ThreadCreationTime : 27-12-2004 10:43:38
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:20 [popups~1.exe]
FilePath : C:\PROGRA~1\PANICW~1\POP-UP~1\
ProcessID : 1792
ThreadCreationTime : 27-12-2004 10:43:39
BasePriority : Normal
FileVersion : 1, 60, 0, 1000
ProductVersion : 1, 0, 0, 1
ProductName : Pop-Up Stopper Professional
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Professional
InternalName : Pop-Up Stopper Professional
LegalCopyright : Copyright (C) 2002-2003
OriginalFilename : PopUpStopperPro.exe

#:21 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1832
ThreadCreationTime : 27-12-2004 10:43:40
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:22 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1840
ThreadCreationTime : 27-12-2004 10:43:40
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:23 [notesholder.exe]
FilePath : C:\Program Files\A!K Research Labs\NotesHolder\
ProcessID : 1864
ThreadCreationTime : 27-12-2004 10:43:40
BasePriority : Normal
FileVersion : 1.32.0.73
ProductVersion : 1.0.0.0
ProductName : NotesHolder
CompanyName : A!K Research Labs
InternalName : 1.30

#:24 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 744
ThreadCreationTime : 27-12-2004 10:43:48
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:25 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1460
ThreadCreationTime : 27-12-2004 10:44:04
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:26 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1512
ThreadCreationTime : 27-12-2004 10:44:04
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:27 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1568
ThreadCreationTime : 27-12-2004 10:44:04
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:28 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1580
ThreadCreationTime : 27-12-2004 10:44:04
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:29 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1892
ThreadCreationTime : 27-12-2004 10:44:05
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:30 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2016
ThreadCreationTime : 27-12-2004 10:44:05
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2084
ThreadCreationTime : 27-12-2004 10:44:19
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:32 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3880
ThreadCreationTime : 27-12-2004 10:44:58
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : wuauclt.exe

#:33 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 3980
ThreadCreationTime : 27-12-2004 10:45:09
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:34 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2000
ThreadCreationTime : 27-12-2004 10:45:18
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : wuauclt.exe

#:35 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1212
ThreadCreationTime : 27-12-2004 10:45:38
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:36 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1124
ThreadCreationTime : 27-12-2004 10:45:50
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 27


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Deep scanning and examining files (E
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Deep scanning and examining files (H
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
5255 entries scanned.
New critical objects:0
Objects found so far: 27




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 30

12:01:06 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:08.703
Objects scanned:154214
Objects identified:4
Objects ignored:0
New critical objects:4

Hi bacobat,

Had je dit ook gelezen?Ik heb het reg script nu maar eens als een bijlage meegestuurd.Kan je dit downloaden en erop dubbelklikken. Omdat ik geen .reg bestand mag uploaden heb ik hernoemd naar .txt. Hernoem dus het bestand naar fix.reg voor je dubbelklikt.

Ibis

Bobbi,

Had ik inderdaad gelezen ja,
ik heb de fix gebruikt, nogmaals gescand, opnieuw opgestart, nogmaals
gescand, en wat denk je. IBIS

Ben ik de enige die last heeft IBIS?
Ik heb echt geen idee waar ik het opgelopen heb.

Als we er niet uitkomen, laat maar hoor, je hebt er al genoeg tijd ingestoken.
Erg bedankt daarvoor.

Baco

hierbij nogmaals een copie van de laatste log van adaware.

Ad-Aware SE Build 1.05
Logfile Created on:maandag 27 december 2004 23:47:34
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R23 16.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-12-2004 23:47:34 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 484
ThreadCreationTime : 27-12-2004 22:45:30
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 27-12-2004 22:45:35
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 27-12-2004 22:45:36
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 27-12-2004 22:45:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 27-12-2004 22:45:37
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 27-12-2004 22:45:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 844
ThreadCreationTime : 27-12-2004 22:45:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [smc.exe]
FilePath : C:\Program Files\Sygate\SPF\
ProcessID : 904
ThreadCreationTime : 27-12-2004 22:45:39
BasePriority : Normal
FileVersion : 5.5.00.2516
ProductVersion : 5.5.00.2516
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2003 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1076
ThreadCreationTime : 27-12-2004 22:45:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1096
ThreadCreationTime : 27-12-2004 22:45:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1176
ThreadCreationTime : 27-12-2004 22:45:44
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1200
ThreadCreationTime : 27-12-2004 22:45:44
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1356
ThreadCreationTime : 27-12-2004 22:45:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1612
ThreadCreationTime : 27-12-2004 22:46:00
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

#:15 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1700
ThreadCreationTime : 27-12-2004 22:46:05
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: (c) <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:16 [winpatrol.exe]
FilePath : C:\Program Files\BillP Studios\WinPatrol\
ProcessID : 1732
ThreadCreationTime : 27-12-2004 22:46:06
BasePriority : Normal
FileVersion : 8, 0, 1, 0
ProductVersion : 8.0.1.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2004 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:17 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1744
ThreadCreationTime : 27-12-2004 22:46:06
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:18 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1768
ThreadCreationTime : 27-12-2004 22:46:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : RUNDLL.EXE

#:19 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1776
ThreadCreationTime : 27-12-2004 22:46:06
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:20 [popups~1.exe]
FilePath : C:\PROGRA~1\PANICW~1\POP-UP~1\
ProcessID : 1784
ThreadCreationTime : 27-12-2004 22:46:06
BasePriority : Normal
FileVersion : 1, 60, 0, 1000
ProductVersion : 1, 0, 0, 1
ProductName : Pop-Up Stopper Professional
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Professional
InternalName : Pop-Up Stopper Professional
LegalCopyright : Copyright (C) 2002-2003
OriginalFilename : PopUpStopperPro.exe

#:21 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1848
ThreadCreationTime : 27-12-2004 22:46:09
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:22 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1864
ThreadCreationTime : 27-12-2004 22:46:09
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:23 [notesholder.exe]
FilePath : C:\Program Files\A!K Research Labs\NotesHolder\
ProcessID : 1908
ThreadCreationTime : 27-12-2004 22:46:10
BasePriority : Normal
FileVersion : 1.32.0.73
ProductVersion : 1.0.0.0
ProductName : NotesHolder
CompanyName : A!K Research Labs
InternalName : 1.30

#:24 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 352
ThreadCreationTime : 27-12-2004 22:46:15
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:25 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 460
ThreadCreationTime : 27-12-2004 22:46:16
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 840
ThreadCreationTime : 27-12-2004 22:46:19
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:27 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 956
ThreadCreationTime : 27-12-2004 22:46:19
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:28 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1000
ThreadCreationTime : 27-12-2004 22:46:19
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:29 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1040
ThreadCreationTime : 27-12-2004 22:46:20
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:30 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1492
ThreadCreationTime : 27-12-2004 22:46:20
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:31 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1564
ThreadCreationTime : 27-12-2004 22:46:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2332
ThreadCreationTime : 27-12-2004 22:46:32
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:33 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 4032
ThreadCreationTime : 27-12-2004 22:47:13
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : wuauclt.exe

#:34 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 228
ThreadCreationTime : 27-12-2004 22:47:20
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:35 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1844
ThreadCreationTime : 27-12-2004 22:47:20
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:36 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1892
ThreadCreationTime : 27-12-2004 22:47:33
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (E
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (H
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
5255 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 4

0:03:43 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:08.641
Objects scanned:155116
Objects identified:4
Objects ignored:0
New critical objects:4

Hi bacobat,

Ik snap het niet! Deze reg scripts worden geïmporteerd. In het script staat dat die takken verwijderd moeten worden. Dan snap ik niet dat dat niet gebeurt...

Heb je al geprobeerd om de takken handmatig met Regedit te verwijderen? Wat is dan de reaktie?

Ibis

Bobbi,

Ik heb nog niets handmatig verwijdert,
geen idee wat wel en niet weg mag.
Er zijn bepaalde sleutels in register die niet geopend kunnen worden en sommige kan ik niet verwijderen.
Ik heb dit ooit geprobeerd maar te bang dat er wat mis gaat in het systeem.

Is er aan te geven wat er precies mag worden verwijderd?

Gr. Baco

Hi bacobat,

Als je RegEdit opent kan je naar deze sleutels gaan en kijken of je ze op die manier kan verwijderen. Alleen de sleutels aangegeven in het rood

HKEY_LOCAL_MACHINE---->software----->wintools

HKEY_LOCAL_MACHINE---->system---->controlset001---->services---->wintoolssvc

HKEY_LOCAL_MACHINE---->system---->currentcontrolset---->services---->wintoolssvc

HKEY_LOCAL_MACHINE---->system---->currentcontrolset---->enum---->root---->legacy_wintoolssvc

Helaas,

Krijg melding dat er fout opgetreden is bij verwijderen sleutel,
kan sleutel niet verwijderen.

Is IBIS schadelijk?, zoniet, laten we hem toch lekker zitten tot ik m'n schijf een keer formateer.

Baco

Ik denk dat het niet schadelijk is. De bestanden die hiermee te maken hebben zijn schadelijk, maar de registry sleutel niet.

Hoeveel accounts heb jij op je systeem?

Ik heb 3 accounts waarvan er 1 niet gebruikt wordt