Mededeling

Collapse
No announcement yet.

avg virusmelding

Collapse
X
Collapse
  •  
  • Page of 1
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    avg virusmelding

    Hallo,

    geruime tijd is het goed gegaan met enkel AVG antivirus scanner.
    Onlangs heb ik me laten vertellen Registry mechanic en Ad Aware zijn goede aanvullingen, waarvan mijn bijna volle pc sneller en beter zou worden en een toegangscode kon ik wel krijgen. Installatie is inderdaad gelukt en dit heb ik nu ook geweten!
    Deze ochtend bij de reguliere AVG controle de ene virusmelding na de andere die niet te verwijderen is en de virusscan van Ad Aware knalt eruit.
    Uiteraard komt berouw na de zonde en heeft verwijdering van Registry cleaner ook niet meer geholpen. Symantec scan levert een melding over drive cleaner en ircfast.
    Wil iemand mij alsjeblieft helpen. Onderstaand mijn hijack this log.
    Dank je wel, Frank

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:26:41, on 20-12-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\vsnpstd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {A4762212-715A-4AF5-9544-DA99EC013E70} - C:\WINDOWS\System32\fccaw.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-1801674531-842925246-1957994488-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'gast1')
    O4 - HKUS\S-1-5-21-1801674531-842925246-1957994488-1010\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" (User 'gast1')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {041FA6AB-BA33-498F-AD6D-5913F66801D2} (F5 Networks screen sharing client) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxcli.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/cachecleaner.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxvpn.cab
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://gateway01.thegreenery.com/vdesk/terminal/InstallerControl.cab#version=6020,2007,1001,2146
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5InspectionHost.cab
    O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://2006.smgbb.cn/pps/powerplayer.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://gateway01.thegreenery.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
    O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/msrdp.cab
    O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/vdeskctrl.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rachelluhh.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} (F5 Networks 5250 Terminal emulator) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/ur5250x.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxshost.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5syschk.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://gateway01.thegreenery.com/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140
    O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} (URVNCX Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urvncx.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: hggfccb - hggfccb.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    --
    End of file - 12949 bytes
    Labels: Geen
      • Citaat
    • #2
      Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: (no name) - - (no file)
      R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
      O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {A4762212-715A-4AF5-9544-DA99EC013E70} - C:\WINDOWS\System32\fccaw.dll
      O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
      O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
      O20 - Winlogon Notify: hggfccb - hggfccb.dll (file missing)
      Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

      Download Combofix naar je Bureaublad.
      Dubbelklik op Combofix.exe
      Kies voor "Continue" door 1 te typen gevolgd door ENTER.
      Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
      Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
      Plaats deze log in je volgende post.

      NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
        • Citaat

        Comment

        • #3
          Hallo Smeenk,
          hierbij het resultaat van combofix.
          Bedankt voor je snelle reactie.
          groet
          Frank

          ComboFix 07-12-21.4 - Frank 2007-12-21 0:11:02.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.189 [GMT 1:00]Gestart vanuit: C:\Documents and Settings\Frank\Mijn documenten\temp\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt
          .
          The following files were disabled during the run:
          C:\WINDOWS\System32\wmfhotfix.dll


          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\components

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))
          .

          2007-12-20 21:26 . 2007-12-20 21:26 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-20 16:21 . 2007-12-20 16:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2007-12-20 16:21 . 2007-12-20 16:21 1,409 --a------ C:\WINDOWS\QTFont.for
          2007-12-19 16:49 . 2007-12-20 17:04 <DIR> d-------- C:\Program Files\Incomplete
          2007-12-18 16:17 . 2007-12-18 16:17 <DIR> d-------- C:\Program Files\Microsoft Games
          2007-12-18 12:24 . 2007-12-18 12:24 <DIR> d-------- C:\Program Files\Lavasoft
          2007-12-18 12:24 . 2007-12-18 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2007-12-18 12:22 . 2007-12-18 12:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2007-12-10 22:36 . 2007-12-10 23:28 0 --a------ C:\WINDOWS\system32\mcrh.tmp
          2007-12-09 14:11 . 2007-12-09 14:24 51,355 --a------ C:\WINDOWS\system32\muzika.xm
          2007-12-09 11:14 . 2007-12-20 09:10 22,094 --ahs---- C:\WINDOWS\system32\waccf.ini2
          2007-12-09 11:14 . 2007-12-20 09:12 22,094 --ahs---- C:\WINDOWS\system32\waccf.ini

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-20 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-20 16:01 --------- d-----w C:\Program Files\LimeWire
          2007-12-20 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
          2007-12-18 20:57 --------- d-----w C:\Program Files\Webroot
          2007-12-18 20:57 --------- d-----w C:\Program Files\Hitman Pro
          2007-12-14 17:00 --------- d-----w C:\Program Files\PartyGaming.Net
          2007-12-13 14:39 --------- d-----w C:\Documents and Settings\Kevin\Application Data\InstallShield Installation Information
          2007-12-10 16:38 26,800 ----a-w C:\Documents and Settings\gast1\Application Data\GDIPFONTCACHEV1.DAT
          2007-11-25 13:29 --------- d-----w C:\Program Files\TVAnts
          2007-11-19 08:58 --------- d-----w C:\Documents and Settings\Frank\Application Data\ICAClient
          2007-11-17 17:22 --------- d-----w C:\Program Files\Hyves Kwekker
          2007-11-16 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
          2007-11-14 12:25 26,800 ----a-w C:\Documents and Settings\Kevin\Application Data\GDIPFONTCACHEV1.DAT
          2007-10-29 17:00 --------- d-----w C:\Documents and Settings\gast1\Application Data\Screenshot Sender
          2007-10-28 17:18 --------- d-----w C:\Program Files\MSN Messenger
          2007-10-28 17:18 --------- d-----w C:\Program Files\Messenger Plus! Live
          2007-10-24 15:54 --------- d-----w C:\Program Files\Omerta Script
          2006-09-12 20:32 1,619 ----a-w C:\Program Files\INSTALL.LOG
          2006-02-21 21:44 26,408 ----a-w C:\Documents and Settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
          2006-02-21 15:18 54,784 --sha-w C:\Program Files\Thumbs.db
          2005-07-09 08:52 155,439 ----a-w C:\Program Files\Uninstall.exe
          2005-06-16 20:39 3,218,064 ----a-w C:\Program Files\hitmanpro2012nl.exe
          2005-06-11 13:07 26,408 ----a-w C:\Documents and Settings\Wesley\Application Data\GDIPFONTCACHEV1.DAT
          2005-05-07 07:37 26,408 ----a-w C:\Documents and Settings\Rachelle\Application Data\GDIPFONTCACHEV1.DAT
          2002-06-21 10:19 684,032 ----a-w C:\Program Files\coaster.exe
          2002-01-23 16:57 11,363 ----a-w C:\Program Files\db.txt
          2001-10-19 22:59 6,630 ----a-w C:\Program Files\UNWISE.INI
          2001-09-28 15:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
          2000-12-18 02:10 116,224 ----a-w C:\Program Files\fmod.dll
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 14:54]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 18:30]
          "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 13:00]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-04-10 13:00]
          "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-25 07:51]
          "NvCplDaemon"="RUNDLL32.exe" [2001-09-07 13:00 C:\WINDOWS\system32\rundll32.exe]
          "nwiz"="nwiz.exe" [2002-08-30 08:06 C:\WINDOWS\system32\nwiz.exe]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 13:00]
          "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 07:51]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-02-10 14:13:38]
          Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 14:04:48]
          KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=C:\WINDOWS\System32\wmfhotfix.dll

          R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-06 22:27]
          R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
          R3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\System32\DRIVERS\urvpndrv.sys [2005-02-16 12:32]
          S3 f5ipfw;F5 Networks StoneWall Filter;C:\WINDOWS\System32\drivers\urfltw2k.sys [2005-02-16 12:33]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-12-13 21:00:00 C:\WINDOWS\Tasks\A7D4FB3A9103759E.job"
          - c:\docume~1\kevin\applic~1\burngr~1\Noun heart corn.exe
          "2007-12-13 21:00:00 C:\WINDOWS\Tasks\A7F61778918D90E8.job"
          - c:\docume~1\kevin\applic~1\burngr~1\Noun heart corn.exe
          "2007-12-13 21:00:00 C:\WINDOWS\Tasks\A9A01FE491FB98FC.job"
          - c:\docume~1\kevin\applic~1\burngr~1\Noun heart corn.exe
          "2007-12-18 11:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2007-12-13 21:00:00 C:\WINDOWS\Tasks\B1828FEF93C90023.job"
          - c:\docume~1\kevin\applic~1\burngr~1\Noun heart corn.exe
          "2007-11-16 22:38:31 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
          - C:\WINDOWS\System32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registr ation_7.5.30.2.sxt _RegistrationOffer@16
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-21 00:25:18
          Windows 5.1.2600 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          PROCESS: C:\WINDOWS\system32\winlogon.exe
          -> C:\WINDOWS\System32\wmfhotfix.dll

          PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
          -> C:\WINDOWS\System32\wmfhotfix.dll

          PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2600.0000]
          -> C:\WINDOWS\System32\wmfhotfix.dll
          .
          Voltooingstijd: 2007-12-21 0:30:22 - machine was rebooted
            • Citaat

            Comment

            • #4
              toevoeging informatie

              Hallo,

              heb zoeven niet vermeld dat ik tussen mijn verzoek om hulp en jouw reactie ook nog spybot heb gedraaid.
                • Citaat

                Comment

                • #5
                  Download dit bestand: Deljob.exe (mirror)
                  Plaats het op je bureaublad.
                  Indien je virusscanner de download van deljob.exe blokkeert,
                  schakel dan tijdelijk je virusscanner uit of download de zip-versie
                  deljob.zip en pak deze uit naar je Bureaublad.
                  Dubbelklik Deljob.exe.
                  Een logje(logit.txt) zal openen, het bestandje kan je ook terugvinden op je bureaublad.
                  Post de inhoud van logit.txt in je volgende bericht.
                    • Citaat

                    Comment

                    • #6
                      Onderstaand het resultaat, groet Frank

                      --------------------------------------------------------
                      File(s) moved to C:\deljob

                      A7D4FB3A9103759E.job
                      A7F61778918D90E8.job
                      A9A01FE491FB98FC.job
                      B1828FEF93C90023.job
                      --------------------------------------------------------
                      Files remaining after cleaning

                      AppleSoftwareUpdate.job
                      EasyShare Registration Task.job
                      --------------------------------------------------------
                      App data folders

                      Het volume in station C heeft geen naam.
                      Het volumenummer is C8D4-768A

                      Map van C:\Documents and Settings\Frank\Application Data

                      10-10-2007 18:47 <DIR> .
                      10-10-2007 18:47 <DIR> ..
                      16-09-2004 10:49 <DIR> Adobe
                      16-10-2004 15:20 <DIR> Ahead
                      10-03-2007 17:51 <DIR> APPLEC~1 Apple Computer
                      14-01-2005 22:49 <DIR> ArcSoft
                      17-11-2005 10:38 <DIR> AVG7
                      11-03-2007 21:43 <DIR> Google
                      10-02-2005 16:54 <DIR> Help
                      19-11-2007 09:58 <DIR> ICACLI~1 ICAClient
                      08-02-2006 22:18 <DIR> IDENTI~1 Identities
                      16-09-2004 10:49 <DIR> INTERT~1 InterTrust
                      14-10-2004 12:40 <DIR> KAZAAL~1 Kazaa Lite
                      21-12-2005 10:31 <DIR> Lavasoft
                      04-11-2004 21:55 <DIR> MACROM~1 Macromedia
                      11-08-2007 01:11 <DIR> MICROS~1 Microsoft
                      10-10-2007 18:47 <DIR> Mozilla
                      28-09-2004 20:17 <DIR> Sun
                      16-09-2004 08:39 <DIR> Symantec
                      21-08-2006 23:06 <DIR> Toshiba
                      16-06-2005 22:50 <DIR> Webroot
                      0 bestand(en) 0 bytes
                      21 map(pen) 4.692.922.368 bytes beschikbaar
                      Het volume in station C heeft geen naam.
                      Het volumenummer is C8D4-768A

                      Map van C:\Documents and Settings\All Users\Application Data

                      18-12-2007 12:24 <DIR> .
                      18-12-2007 12:24 <DIR> ..
                      05-03-2007 19:18 <DIR> APPLEC~1 Apple Computer
                      15-01-2005 13:15 <DIR> ArcSoft
                      29-12-2006 13:14 <DIR> avg7
                      16-09-2004 10:45 <DIR> CYBERL~1 CyberLink
                      16-06-2005 22:23 <DIR> FORKPO~1 Fork poke real lies
                      18-09-2006 20:50 <DIR> Google
                      07-09-2007 21:59 <DIR> Grisoft
                      16-11-2007 23:37 <DIR> Kodak
                      18-12-2007 12:24 <DIR> Lavasoft
                      26-10-2006 14:49 <DIR> MESSEN~1 Messenger Plus!
                      22-03-2007 20:24 <DIR> MICROS~1 Microsoft
                      09-07-2005 18:44 <DIR> MSN6
                      05-10-2004 18:06 <DIR> QUICKT~1 QuickTime
                      20-12-2007 22:19 <DIR> SPYBOT~1 Spybot - Search & Destroy
                      17-11-2005 11:13 <DIR> Symantec
                      22-03-2007 20:27 <DIR> TEMP
                      06-12-2006 13:27 <DIR> WINDOW~1 Windows Genuine Advantage
                      0 bestand(en) 0 bytes
                      19 map(pen) 4.692.922.368 bytes beschikbaar
                        • Citaat

                        Comment

                        • #7
                          Download de bijlage: CFScript.txt

                          Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



                          Dit zal ComboFix doen herstarten.
                          Start opnieuw op als daarom gevraagd wordt,
                          en post de inhoud van de Combofix.txt in je volgende antwoord.

                          Post ook een nieuw logje van Hijackthis en vertel ook of er nog problemen zijn.
                          Bijgevoegde Bestanden
                            • Citaat

                            Comment

                            • #8
                              Hallo,

                              onderstaand de 2 gevraagde files.
                              Inmiddels verschijnen de AVG waarschuwingen niet meer en lijkt de pc ook sneller geworden.
                              Groet, Frank

                              ComboFix 07-12-21.4 - Frank 2007-12-22 13:13:03.2 - NTFSx86
                              Gestart vanuit: C:\Documents and Settings\Frank\Mijn documenten\temp\ComboFix.exe
                              Command switches used :: C:\cfscript.txt

                              FILE
                              C:\WINDOWS\system32\mcrh.tmp
                              C:\WINDOWS\system32\waccf.ini
                              C:\WINDOWS\system32\waccf.ini2
                              .
                              The following files were disabled during the run:
                              C:\WINDOWS\System32\wmfhotfix.dll


                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              C:\deljob
                              C:\deljob\A7D4FB3A9103759E.job
                              C:\deljob\A7F61778918D90E8.job
                              C:\deljob\A9A01FE491FB98FC.job
                              C:\deljob\B1828FEF93C90023.job
                              c:\docume~1\kevin\applic~1\burngr~1
                              c:\docume~1\kevin\applic~1\burngr~1\44A9B00D
                              C:\Documents and Settings\All Users\Application Data\Fork poke real lies
                              C:\Documents and Settings\All Users\Application Data\Fork poke real lies\sixthplusinfo
                              C:\WINDOWS\system32\mcrh.tmp
                              C:\WINDOWS\system32\waccf.ini
                              C:\WINDOWS\system32\waccf.ini2

                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))
                              .

                              2007-12-20 21:26 . 2007-12-20 21:26 <DIR> d-------- C:\Program Files\Trend Micro
                              2007-12-20 16:21 . 2007-12-20 16:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                              2007-12-20 16:21 . 2007-12-20 16:21 1,409 --a------ C:\WINDOWS\QTFont.for
                              2007-12-19 16:49 . 2007-12-20 17:04 <DIR> d-------- C:\Program Files\Incomplete
                              2007-12-18 16:17 . 2007-12-18 16:17 <DIR> d-------- C:\Program Files\Microsoft Games
                              2007-12-18 12:24 . 2007-12-18 12:24 <DIR> d-------- C:\Program Files\Lavasoft
                              2007-12-18 12:24 . 2007-12-18 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                              2007-12-18 12:22 . 2007-12-18 12:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                              2007-12-09 14:11 . 2007-12-09 14:24 51,355 --a------ C:\WINDOWS\system32\muzika.xm

                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2007-12-20 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                              2007-12-20 16:01 --------- d-----w C:\Program Files\LimeWire
                              2007-12-20 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
                              2007-12-18 20:57 --------- d-----w C:\Program Files\Webroot
                              2007-12-18 20:57 --------- d-----w C:\Program Files\Hitman Pro
                              2007-12-14 17:00 --------- d-----w C:\Program Files\PartyGaming.Net
                              2007-12-13 14:39 --------- d-----w C:\Documents and Settings\Kevin\Application Data\InstallShield Installation Information
                              2007-12-10 16:38 26,800 ----a-w C:\Documents and Settings\gast1\Application Data\GDIPFONTCACHEV1.DAT
                              2007-11-25 13:29 --------- d-----w C:\Program Files\TVAnts
                              2007-11-19 08:58 --------- d-----w C:\Documents and Settings\Frank\Application Data\ICAClient
                              2007-11-17 17:22 --------- d-----w C:\Program Files\Hyves Kwekker
                              2007-11-16 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
                              2007-11-14 12:25 26,800 ----a-w C:\Documents and Settings\Kevin\Application Data\GDIPFONTCACHEV1.DAT
                              2007-10-29 17:00 --------- d-----w C:\Documents and Settings\gast1\Application Data\Screenshot Sender
                              2007-10-28 17:18 --------- d-----w C:\Program Files\MSN Messenger
                              2007-10-28 17:18 --------- d-----w C:\Program Files\Messenger Plus! Live
                              2007-10-24 15:54 --------- d-----w C:\Program Files\Omerta Script
                              2006-09-12 20:32 1,619 ----a-w C:\Program Files\INSTALL.LOG
                              2006-02-21 21:44 26,408 ----a-w C:\Documents and Settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
                              2006-02-21 15:18 54,784 --sha-w C:\Program Files\Thumbs.db
                              2005-07-09 08:52 155,439 ----a-w C:\Program Files\Uninstall.exe
                              2005-06-16 20:39 3,218,064 ----a-w C:\Program Files\hitmanpro2012nl.exe
                              2005-06-11 13:07 26,408 ----a-w C:\Documents and Settings\Wesley\Application Data\GDIPFONTCACHEV1.DAT
                              2005-05-07 07:37 26,408 ----a-w C:\Documents and Settings\Rachelle\Application Data\GDIPFONTCACHEV1.DAT
                              2002-06-21 10:19 684,032 ----a-w C:\Program Files\coaster.exe
                              2002-01-23 16:57 11,363 ----a-w C:\Program Files\db.txt
                              2001-10-19 22:59 6,630 ----a-w C:\Program Files\UNWISE.INI
                              2001-09-28 15:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
                              2000-12-18 02:10 116,224 ----a-w C:\Program Files\fmod.dll
                              .

                              ((((((((((((((((((((((((((((( snapshot@2007-12-21_ 0.28.27.54 )))))))))))))))))))))))))))))))))))))))))
                              .
                              - 2007-12-20 23:10:47 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
                              + 2007-12-22 12:12:38 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
                              - 2006-11-20 18:40:43 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
                              + 2007-12-21 07:40:00 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
                              - 2007-06-26 06:40:31 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
                              + 2007-12-21 07:39:40 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
                              - 2007-12-09 13:40:25 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
                              + 2007-12-20 23:35:32 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
                              - 2007-12-09 13:40:25 53,418 ----a-w C:\WINDOWS\system32\perfc013.dat
                              + 2007-12-20 23:35:32 53,418 ----a-w C:\WINDOWS\system32\perfc013.dat
                              - 2007-12-09 13:40:25 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
                              + 2007-12-20 23:35:32 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
                              - 2007-12-09 13:40:25 364,330 ----a-w C:\WINDOWS\system32\perfh013.dat
                              + 2007-12-20 23:35:32 364,330 ----a-w C:\WINDOWS\system32\perfh013.dat
                              + 2007-12-22 12:07:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5bc.dat
                              .
                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              REGEDIT4
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 18:30]
                              "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 13:00]
                              "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
                              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 14:54]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-04-10 13:00]
                              "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
                              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 08:39]
                              "NvCplDaemon"="RUNDLL32.exe" [2001-09-07 13:00 C:\WINDOWS\system32\rundll32.exe]
                              "nwiz"="nwiz.exe" [2002-08-30 08:06 C:\WINDOWS\system32\nwiz.exe]
                              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
                              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
                              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51]

                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 13:00]
                              "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]
                              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 07:51]

                              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                              Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-02-10 14:13:38]
                              Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 14:04:48]
                              KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
                              Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                              "AppInit_DLLs"=C:\WINDOWS\System32\wmfhotfix.dll

                              R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-06 22:27]
                              R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
                              R3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\System32\DRIVERS\urvpndrv.sys [2005-02-16 12:32]
                              S3 f5ipfw;F5 Networks StoneWall Filter;C:\WINDOWS\System32\drivers\urfltw2k.sys [2005-02-16 12:33]

                              .
                              Inhoud van de 'Gedeelde Taken' map
                              "2007-12-18 11:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                              "2007-11-16 22:38:31 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
                              - C:\WINDOWS\System32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registr ation_7.5.30.2.sxt _RegistrationOffer@16
                              .
                              **************************************************************************

                              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2007-12-22 13:19:34
                              Windows 5.1.2600 NTFS

                              scannen van verborgen processen ...

                              scannen van verborgen autostart items ...

                              scannen van verborgen bestanden ...

                              **************************************************************************
                              .
                              Voltooingstijd: 2007-12-22 13:21:59
                              C:\ComboFix2.txt ... 2007-12-21 00:30

                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 13:26:37, on 22-12-2007
                              Platform: Windows XP (WinNT 5.01.2600)
                              MSIE: Internet Explorer v6.00 (6.00.2600.0000)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                              C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                              C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                              C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                              C:\Program Files\FolderSize\FolderSizeSvc.exe
                              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                              C:\WINDOWS\System32\nvsvc32.exe
                              C:\WINDOWS\system32\pctspk.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\vsnpstd.exe
                              C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
                              C:\Program Files\Messenger\msmsgs.exe
                              C:\WINDOWS\System32\ctfmon.exe
                              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                              C:\WINDOWS\System32\wuauclt.exe
                              C:\WINDOWS\explorer.exe
                              C:\Program Files\Internet Explorer\IEXPLORE.EXE
                              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                              O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
                              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                              O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
                              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                              O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
                              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
                              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
                              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
                              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                              O4 - Global Startup: Bluetooth Manager.lnk = ?
                              O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                              O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
                              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                              O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
                              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
                              O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                              O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                              O16 - DPF: {041FA6AB-BA33-498F-AD6D-5913F66801D2} (F5 Networks screen sharing client) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxcli.cab
                              O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                              O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/cachecleaner.cab
                              O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                              O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxvpn.cab
                              O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://gateway01.thegreenery.com/vdesk/terminal/InstallerControl.cab#version=6020,2007,1001,2146
                              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
                              O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
                              O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5InspectionHost.cab
                              O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://2006.smgbb.cn/pps/powerplayer.cab
                              O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                              O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://gateway01.thegreenery.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136
                              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                              O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/msrdp.cab
                              O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/vdeskctrl.cab
                              O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rachelluhh.spaces.live.com/PhotoUpload/MsnPUpld.cab
                              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                              O16 - DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} (F5 Networks 5250 Terminal emulator) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/ur5250x.cab
                              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
                              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                              O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxshost.cab
                              O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
                              O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5syschk.cab
                              O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
                              O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://gateway01.thegreenery.com/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140
                              O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} (URVNCX Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urvncx.cab
                              O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                              O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
                              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                              O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                              O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
                              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                              O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
                              O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                              O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

                              --
                              End of file - 11438 bytes
                                • Citaat

                                Comment

                                • #9
                                  Verwijder de volgende map:
                                  C:\Qoobox

                                  Maak dan je prullenbak leeg.

                                  Je Java software is verouderd. oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                                  Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                                  • Download Java Runtime Environment (JRE) 6.3 en bewaar het naar je Bureaublad.
                                  • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                                  • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                                  • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                                  • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                                  • Herhaal dit tot alle oudere versies verdwenen zijn.
                                  • Na het verwijderen van alle oudere versies, herstart je pc.
                                  • Dubbelklik vervolgens op jre-6u3-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                                  Download ATF cleaner (mirror)(gemaakt door Atribune)

                                  Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                                  Dubbelklik op ATF cleaner om het programma te starten.
                                  Op het tabblad "Main", plaats je een vinkje bij Select All.
                                  Klik op de knop Empty Selected.

                                  Het volgende doen als je ook FireFox als browser hebt:
                                  Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                                  Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                                  (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                                  Klik op de knop Empty Selected.

                                  Het volgende doen als je ook Opera als browser hebt:
                                  Klik op tabblad "Opera", plaats een vinkje bij Select All.
                                  Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                                  Klik op de knop Empty Selected.
                                  Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                                  Ga naar Start - Uitvoeren en geef hier het volgende in:
                                  Combofix /U
                                  Druk daarna op OK.
                                  Let op: Er moet een spatie tussen Combofix en /U zitten.

                                  Dit zal Combofix deïnstalleren.

                                  Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                                  Kijk hier hoe je je systeemherstel moet uitschakelen.
                                  Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                                  Post als laatste nog een nieuw logje van Hijackthis ter controle
                                    • Citaat

                                    Comment

                                    • #10
                                      Hallo,
                                      zag dat er wel een snelkoppeling was achtergebleven van Combofix.
                                      Hopelijk is echter toch alles verdwenen.
                                      groet,

                                      Logfile of Trend Micro HijackThis v2.0.2
                                      Scan saved at 16:05:13, on 22-12-2007
                                      Platform: Windows XP (WinNT 5.01.2600)
                                      MSIE: Internet Explorer v6.00 (6.00.2600.0000)
                                      Boot mode: Normal

                                      Running processes:
                                      C:\WINDOWS\System32\smss.exe
                                      C:\WINDOWS\system32\winlogon.exe
                                      C:\WINDOWS\system32\services.exe
                                      C:\WINDOWS\system32\lsass.exe
                                      C:\WINDOWS\system32\svchost.exe
                                      C:\WINDOWS\System32\svchost.exe
                                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                                      C:\WINDOWS\system32\spoolsv.exe
                                      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                                      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                                      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                                      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                                      C:\Program Files\FolderSize\FolderSizeSvc.exe
                                      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                                      C:\WINDOWS\System32\nvsvc32.exe
                                      C:\WINDOWS\system32\pctspk.exe
                                      C:\WINDOWS\System32\svchost.exe
                                      C:\WINDOWS\Explorer.EXE
                                      C:\WINDOWS\vsnpstd.exe
                                      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
                                      C:\Program Files\QuickTime\qttask.exe
                                      C:\Program Files\iTunes\iTunesHelper.exe
                                      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                                      C:\Program Files\Messenger\msmsgs.exe
                                      C:\WINDOWS\System32\ctfmon.exe
                                      C:\Program Files\iPod\bin\iPodService.exe
                                      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                                      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
                                      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                                      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
                                      C:\WINDOWS\System32\wuauclt.exe
                                      C:\Program Files\Microsoft Office\Office10\msoffice.exe
                                      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
                                      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
                                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                                      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
                                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                                      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                                      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
                                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                                      O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
                                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
                                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
                                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
                                      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
                                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                                      O4 - Global Startup: Bluetooth Manager.lnk = ?
                                      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                                      O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
                                      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                                      O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
                                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                                      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                                      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
                                      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
                                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                                      O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                                      O16 - DPF: {041FA6AB-BA33-498F-AD6D-5913F66801D2} (F5 Networks screen sharing client) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxcli.cab
                                      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                                      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                                      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                                      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                                      O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/cachecleaner.cab
                                      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                                      O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxvpn.cab
                                      O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://gateway01.thegreenery.com/vdesk/terminal/InstallerControl.cab#version=6020,2007,1001,2146
                                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
                                      O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
                                      O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5InspectionHost.cab
                                      O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://2006.smgbb.cn/pps/powerplayer.cab
                                      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                                      O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://gateway01.thegreenery.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136
                                      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                                      O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/msrdp.cab
                                      O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/vdeskctrl.cab
                                      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rachelluhh.spaces.live.com/PhotoUpload/MsnPUpld.cab
                                      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                                      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                                      O16 - DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} (F5 Networks 5250 Terminal emulator) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/ur5250x.cab
                                      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
                                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                                      O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxshost.cab
                                      O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
                                      O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5syschk.cab
                                      O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
                                      O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://gateway01.thegreenery.com/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140
                                      O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} (URVNCX Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urvncx.cab
                                      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                                      O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
                                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                                      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                                      O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
                                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                                      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
                                      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                                      O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

                                      --
                                      End of file - 12041 bytes
                                        • Citaat

                                        Comment

                                        • #11
                                          Logje ziet er goed uit

                                          Verwijder die snelkoppeling maar.
                                            • Citaat

                                            Comment

                                            • #12
                                              Smeenk, bedankt voor je duidelijke en snelle response!
                                                • Citaat

                                                Comment

                                                • #13
                                                  Graag gedaan hoor
                                                    • Citaat

                                                    Comment

                                                    Vorige template Volgende
                                                    Sorry, you are not authorized to view this page
                                                    Working...
                                                    X
                                                    😀
                                                    🥰
                                                    🤢
                                                    😎
                                                    😡
                                                    👍
                                                    👎