AVG virus alert


  • AVG virus alert

    Hello,

    For quite some time things went well with just the AVG antivirus scanner.
    Recently I was told that Registry mechanic and Ad Aware are good additions that would make my nearly full PC faster and better, and that I could get an access code. The installation did indeed succeed, and I have paid for it since!
    This morning, during the regular AVG check, I got one virus alert after another that cannot be removed, and the Ad Aware virus scan crashes.
    Of course, repentance comes after the sin, and removing Registry cleaner did not help any more either. A Symantec scan reports drive cleaner and ircfast.
    Could someone please help me? My HijackThis log is below.
    Thank you, Frank

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:26:41, on 20-12-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\vsnpstd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {A4762212-715A-4AF5-9544-DA99EC013E70} - C:\WINDOWS\System32\fccaw.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-1801674531-842925246-1957994488-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'gast1')
    O4 - HKUS\S-1-5-21-1801674531-842925246-1957994488-1010\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" (User 'gast1')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {041FA6AB-BA33-498F-AD6D-5913F66801D2} (F5 Networks screen sharing client) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxcli.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/cachecleaner.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxvpn.cab
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://gateway01.thegreenery.com/vdesk/terminal/InstallerControl.cab#version=6020,2007,1001,2146
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5InspectionHost.cab
    O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://2006.smgbb.cn/pps/powerplayer.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://gateway01.thegreenery.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
    O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/msrdp.cab
    O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/vdeskctrl.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rachelluhh.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} (F5 Networks 5250 Terminal emulator) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/ur5250x.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxshost.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5syschk.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://gateway01.thegreenery.com/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140
    O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} (URVNCX Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urvncx.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O20 - Winlogon Notify: hggfccb - hggfccb.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    --
    End of file - 12949 bytes

  • #2
    Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A4762212-715A-4AF5-9544-DA99EC013E70} - C:\WINDOWS\System32\fccaw.dll
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
    O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
    O20 - Winlogon Notify: hggfccb - hggfccb.dll (file missing)

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.



    • #3
      Hello Smeenk,
      here is the result of combofix.
      Thanks for your quick response.
      Regards,
      Frank

      ComboFix 07-12-21.4 - Frank 2007-12-21 0:11:02.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.189 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Frank\Mijn documenten\temp\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .
      The following files were disabled during the run:
      C:\WINDOWS\System32\wmfhotfix.dll


      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\components

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))
      .

      2007-12-20 21:26 . 2007-12-20 21:26 <DIR> d-------- C:\Program Files\Trend Micro
      2007-12-20 16:21 . 2007-12-20 16:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2007-12-20 16:21 . 2007-12-20 16:21 1,409 --a------ C:\WINDOWS\QTFont.for
      2007-12-19 16:49 . 2007-12-20 17:04 <DIR> d-------- C:\Program Files\Incomplete
      2007-12-18 16:17 . 2007-12-18 16:17 <DIR> d-------- C:\Program Files\Microsoft Games
      2007-12-18 12:24 . 2007-12-18 12:24 <DIR> d-------- C:\Program Files\Lavasoft
      2007-12-18 12:24 . 2007-12-18 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2007-12-18 12:22 . 2007-12-18 12:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-10 22:36 . 2007-12-10 23:28 0 --a------ C:\WINDOWS\system32\mcrh.tmp
      2007-12-09 14:11 . 2007-12-09 14:24 51,355 --a------ C:\WINDOWS\system32\muzika.xm
      2007-12-09 11:14 . 2007-12-20 09:10 22,094 --ahs---- C:\WINDOWS\system32\waccf.ini2
      2007-12-09 11:14 . 2007-12-20 09:12 22,094 --ahs---- C:\WINDOWS\system32\waccf.ini

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-20 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-20 16:01 --------- d-----w C:\Program Files\LimeWire
      2007-12-20 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
      2007-12-18 20:57 --------- d-----w C:\Program Files\Webroot
      2007-12-18 20:57 --------- d-----w C:\Program Files\Hitman Pro
      2007-12-14 17:00 --------- d-----w C:\Program Files\PartyGaming.Net
      2007-12-13 14:39 --------- d-----w C:\Documents and Settings\Kevin\Application Data\InstallShield Installation Information
      2007-12-10 16:38 26,800 ----a-w C:\Documents and Settings\gast1\Application Data\GDIPFONTCACHEV1.DAT
      2007-11-25 13:29 --------- d-----w C:\Program Files\TVAnts
      2007-11-19 08:58 --------- d-----w C:\Documents and Settings\Frank\Application Data\ICAClient
      2007-11-17 17:22 --------- d-----w C:\Program Files\Hyves Kwekker
      2007-11-16 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
      2007-11-14 12:25 26,800 ----a-w C:\Documents and Settings\Kevin\Application Data\GDIPFONTCACHEV1.DAT
      2007-10-29 17:00 --------- d-----w C:\Documents and Settings\gast1\Application Data\Screenshot Sender
      2007-10-28 17:18 --------- d-----w C:\Program Files\MSN Messenger
      2007-10-28 17:18 --------- d-----w C:\Program Files\Messenger Plus! Live
      2007-10-24 15:54 --------- d-----w C:\Program Files\Omerta Script
      2006-09-12 20:32 1,619 ----a-w C:\Program Files\INSTALL.LOG
      2006-02-21 21:44 26,408 ----a-w C:\Documents and Settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
      2006-02-21 15:18 54,784 --sha-w C:\Program Files\Thumbs.db
      2005-07-09 08:52 155,439 ----a-w C:\Program Files\Uninstall.exe
      2005-06-16 20:39 3,218,064 ----a-w C:\Program Files\hitmanpro2012nl.exe
      2005-06-11 13:07 26,408 ----a-w C:\Documents and Settings\Wesley\Application Data\GDIPFONTCACHEV1.DAT
      2005-05-07 07:37 26,408 ----a-w C:\Documents and Settings\Rachelle\Application Data\GDIPFONTCACHEV1.DAT
      2002-06-21 10:19 684,032 ----a-w C:\Program Files\coaster.exe
      2002-01-23 16:57 11,363 ----a-w C:\Program Files\db.txt
      2001-10-19 22:59 6,630 ----a-w C:\Program Files\UNWISE.INI
      2001-09-28 15:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
      2000-12-18 02:10 116,224 ----a-w C:\Program Files\fmod.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 14:54]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 18:30]
      "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 13:00]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-04-10 13:00]
      "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-25 07:51]
      "NvCplDaemon"="RUNDLL32.exe" [2001-09-07 13:00 C:\WINDOWS\system32\rundll32.exe]
      "nwiz"="nwiz.exe" [2002-08-30 08:06 C:\WINDOWS\system32\nwiz.exe]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 13:00]
      "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 07:51]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-02-10 14:13:38]
      Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 14:04:48]
      KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\WINDOWS\System32\wmfhotfix.dll

      R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-06 22:27]
      R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
      R3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\System32\DRIVERS\urvpndrv.sys [2005-02-16 12:32]
      S3 f5ipfw;F5 Networks StoneWall Filter;C:\WINDOWS\System32\drivers\urfltw2k.sys [2005-02-16 12:33]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-12-13 21:00:00 C:\WINDOWS\Tasks\A7D4FB3A9103759E.job"
      - c:\docume~1\kevin\applic~1\burngr~1\Noun heart corn.exe
      "2007-12-13 21:00:00 C:\WINDOWS\Tasks\A7F61778918D90E8.job"
      - c:\docume~1\kevin\applic~1\burngr~1\Noun heart corn.exe
      "2007-12-13 21:00:00 C:\WINDOWS\Tasks\A9A01FE491FB98FC.job"
      - c:\docume~1\kevin\applic~1\burngr~1\Noun heart corn.exe
      "2007-12-18 11:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2007-12-13 21:00:00 C:\WINDOWS\Tasks\B1828FEF93C90023.job"
      - c:\docume~1\kevin\applic~1\burngr~1\Noun heart corn.exe
      "2007-11-16 22:38:31 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
      - C:\WINDOWS\System32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registr ation_7.5.30.2.sxt _RegistrationOffer@16
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-21 00:25:18
      Windows 5.1.2600 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\System32\wmfhotfix.dll

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
      -> C:\WINDOWS\System32\wmfhotfix.dll

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2600.0000]
      -> C:\WINDOWS\System32\wmfhotfix.dll
      .
      Voltooingstijd: 2007-12-21 0:30:22 - machine was rebooted



      • #4
        Additional information

        Hello,

        I failed to mention just now that between my request for help and your response I also ran Spybot.



        • #5
          Download this file: Deljob.exe (mirror)
          Place it on your desktop.
          If your virus scanner blocks the download of deljob.exe,
          temporarily disable your virus scanner or download the zip version
          deljob.zip and extract it to your Desktop.
          Double-click Deljob.exe.
          A log (logit.txt) will open; you can also find the file on your desktop.
          Post the contents of logit.txt in your next message.



          • #6
            The result is below, regards Frank

            --------------------------------------------------------
            File(s) moved to C:\deljob

            A7D4FB3A9103759E.job
            A7F61778918D90E8.job
            A9A01FE491FB98FC.job
            B1828FEF93C90023.job
            --------------------------------------------------------
            Files remaining after cleaning

            AppleSoftwareUpdate.job
            EasyShare Registration Task.job
            --------------------------------------------------------
            App data folders

            Het volume in station C heeft geen naam.
            Het volumenummer is C8D4-768A

            Map van C:\Documents and Settings\Frank\Application Data

            10-10-2007 18:47 <DIR> .
            10-10-2007 18:47 <DIR> ..
            16-09-2004 10:49 <DIR> Adobe
            16-10-2004 15:20 <DIR> Ahead
            10-03-2007 17:51 <DIR> APPLEC~1 Apple Computer
            14-01-2005 22:49 <DIR> ArcSoft
            17-11-2005 10:38 <DIR> AVG7
            11-03-2007 21:43 <DIR> Google
            10-02-2005 16:54 <DIR> Help
            19-11-2007 09:58 <DIR> ICACLI~1 ICAClient
            08-02-2006 22:18 <DIR> IDENTI~1 Identities
            16-09-2004 10:49 <DIR> INTERT~1 InterTrust
            14-10-2004 12:40 <DIR> KAZAAL~1 Kazaa Lite
            21-12-2005 10:31 <DIR> Lavasoft
            04-11-2004 21:55 <DIR> MACROM~1 Macromedia
            11-08-2007 01:11 <DIR> MICROS~1 Microsoft
            10-10-2007 18:47 <DIR> Mozilla
            28-09-2004 20:17 <DIR> Sun
            16-09-2004 08:39 <DIR> Symantec
            21-08-2006 23:06 <DIR> Toshiba
            16-06-2005 22:50 <DIR> Webroot
            0 bestand(en) 0 bytes
            21 map(pen) 4.692.922.368 bytes beschikbaar
            Het volume in station C heeft geen naam.
            Het volumenummer is C8D4-768A

            Map van C:\Documents and Settings\All Users\Application Data

            18-12-2007 12:24 <DIR> .
            18-12-2007 12:24 <DIR> ..
            05-03-2007 19:18 <DIR> APPLEC~1 Apple Computer
            15-01-2005 13:15 <DIR> ArcSoft
            29-12-2006 13:14 <DIR> avg7
            16-09-2004 10:45 <DIR> CYBERL~1 CyberLink
            16-06-2005 22:23 <DIR> FORKPO~1 Fork poke real lies
            18-09-2006 20:50 <DIR> Google
            07-09-2007 21:59 <DIR> Grisoft
            16-11-2007 23:37 <DIR> Kodak
            18-12-2007 12:24 <DIR> Lavasoft
            26-10-2006 14:49 <DIR> MESSEN~1 Messenger Plus!
            22-03-2007 20:24 <DIR> MICROS~1 Microsoft
            09-07-2005 18:44 <DIR> MSN6
            05-10-2004 18:06 <DIR> QUICKT~1 QuickTime
            20-12-2007 22:19 <DIR> SPYBOT~1 Spybot - Search & Destroy
            17-11-2005 11:13 <DIR> Symantec
            22-03-2007 20:27 <DIR> TEMP
            06-12-2006 13:27 <DIR> WINDOW~1 Windows Genuine Advantage
            0 bestand(en) 0 bytes
            19 map(pen) 4.692.922.368 bytes beschikbaar



            • #7
              Download the attachment: CFScript.txt

              Drag CFScript.txt onto ComboFix.exe as shown in the example below:

              This will make ComboFix restart.
              Restart when asked to,
              and post the contents of Combofix.txt in your next reply.

              Post a new HijackThis log as well, and also tell us whether there are still problems.


              • #8
                Hello,

                Below are the 2 requested files.
                In the meantime the AVG warnings no longer appear and the PC also seems to have become faster.
                Regards, Frank

                ComboFix 07-12-21.4 - Frank 2007-12-22 13:13:03.2 - NTFSx86
                Gestart vanuit: C:\Documents and Settings\Frank\Mijn documenten\temp\ComboFix.exe
                Command switches used :: C:\cfscript.txt

                FILE
                C:\WINDOWS\system32\mcrh.tmp
                C:\WINDOWS\system32\waccf.ini
                C:\WINDOWS\system32\waccf.ini2
                .
                The following files were disabled during the run:
                C:\WINDOWS\System32\wmfhotfix.dll


                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                C:\deljob
                C:\deljob\A7D4FB3A9103759E.job
                C:\deljob\A7F61778918D90E8.job
                C:\deljob\A9A01FE491FB98FC.job
                C:\deljob\B1828FEF93C90023.job
                c:\docume~1\kevin\applic~1\burngr~1
                c:\docume~1\kevin\applic~1\burngr~1\44A9B00D
                C:\Documents and Settings\All Users\Application Data\Fork poke real lies
                C:\Documents and Settings\All Users\Application Data\Fork poke real lies\sixthplusinfo
                C:\WINDOWS\system32\mcrh.tmp
                C:\WINDOWS\system32\waccf.ini
                C:\WINDOWS\system32\waccf.ini2

                .
                (((((((((((((((((((( Bestanden Gemaakt van 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))
                .

                2007-12-20 21:26 . 2007-12-20 21:26 <DIR> d-------- C:\Program Files\Trend Micro
                2007-12-20 16:21 . 2007-12-20 16:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                2007-12-20 16:21 . 2007-12-20 16:21 1,409 --a------ C:\WINDOWS\QTFont.for
                2007-12-19 16:49 . 2007-12-20 17:04 <DIR> d-------- C:\Program Files\Incomplete
                2007-12-18 16:17 . 2007-12-18 16:17 <DIR> d-------- C:\Program Files\Microsoft Games
                2007-12-18 12:24 . 2007-12-18 12:24 <DIR> d-------- C:\Program Files\Lavasoft
                2007-12-18 12:24 . 2007-12-18 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                2007-12-18 12:22 . 2007-12-18 12:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                2007-12-09 14:11 . 2007-12-09 14:24 51,355 --a------ C:\WINDOWS\system32\muzika.xm

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2007-12-20 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                2007-12-20 16:01 --------- d-----w C:\Program Files\LimeWire
                2007-12-20 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
                2007-12-18 20:57 --------- d-----w C:\Program Files\Webroot
                2007-12-18 20:57 --------- d-----w C:\Program Files\Hitman Pro
                2007-12-14 17:00 --------- d-----w C:\Program Files\PartyGaming.Net
                2007-12-13 14:39 --------- d-----w C:\Documents and Settings\Kevin\Application Data\InstallShield Installation Information
                2007-12-10 16:38 26,800 ----a-w C:\Documents and Settings\gast1\Application Data\GDIPFONTCACHEV1.DAT
                2007-11-25 13:29 --------- d-----w C:\Program Files\TVAnts
                2007-11-19 08:58 --------- d-----w C:\Documents and Settings\Frank\Application Data\ICAClient
                2007-11-17 17:22 --------- d-----w C:\Program Files\Hyves Kwekker
                2007-11-16 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
                2007-11-14 12:25 26,800 ----a-w C:\Documents and Settings\Kevin\Application Data\GDIPFONTCACHEV1.DAT
                2007-10-29 17:00 --------- d-----w C:\Documents and Settings\gast1\Application Data\Screenshot Sender
                2007-10-28 17:18 --------- d-----w C:\Program Files\MSN Messenger
                2007-10-28 17:18 --------- d-----w C:\Program Files\Messenger Plus! Live
                2007-10-24 15:54 --------- d-----w C:\Program Files\Omerta Script
                2006-09-12 20:32 1,619 ----a-w C:\Program Files\INSTALL.LOG
                2006-02-21 21:44 26,408 ----a-w C:\Documents and Settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
                2006-02-21 15:18 54,784 --sha-w C:\Program Files\Thumbs.db
                2005-07-09 08:52 155,439 ----a-w C:\Program Files\Uninstall.exe
                2005-06-16 20:39 3,218,064 ----a-w C:\Program Files\hitmanpro2012nl.exe
                2005-06-11 13:07 26,408 ----a-w C:\Documents and Settings\Wesley\Application Data\GDIPFONTCACHEV1.DAT
                2005-05-07 07:37 26,408 ----a-w C:\Documents and Settings\Rachelle\Application Data\GDIPFONTCACHEV1.DAT
                2002-06-21 10:19 684,032 ----a-w C:\Program Files\coaster.exe
                2002-01-23 16:57 11,363 ----a-w C:\Program Files\db.txt
                2001-10-19 22:59 6,630 ----a-w C:\Program Files\UNWISE.INI
                2001-09-28 15:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
                2000-12-18 02:10 116,224 ----a-w C:\Program Files\fmod.dll
                .

                ((((((((((((((((((((((((((((( snapshot@2007-12-21_ 0.28.27.54 )))))))))))))))))))))))))))))))))))))))))
                .
                - 2007-12-20 23:10:47 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
                + 2007-12-22 12:12:38 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
                - 2006-11-20 18:40:43 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
                + 2007-12-21 07:40:00 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
                - 2007-06-26 06:40:31 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
                + 2007-12-21 07:39:40 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
                - 2007-12-09 13:40:25 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
                + 2007-12-20 23:35:32 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
                - 2007-12-09 13:40:25 53,418 ----a-w C:\WINDOWS\system32\perfc013.dat
                + 2007-12-20 23:35:32 53,418 ----a-w C:\WINDOWS\system32\perfc013.dat
                - 2007-12-09 13:40:25 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
                + 2007-12-20 23:35:32 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
                - 2007-12-09 13:40:25 364,330 ----a-w C:\WINDOWS\system32\perfh013.dat
                + 2007-12-20 23:35:32 364,330 ----a-w C:\WINDOWS\system32\perfh013.dat
                + 2007-12-22 12:07:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5bc.dat
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 18:30]
                "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 13:00]
                "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
                "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 14:54]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-04-10 13:00]
                "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
                "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 08:39]
                "NvCplDaemon"="RUNDLL32.exe" [2001-09-07 13:00 C:\WINDOWS\system32\rundll32.exe]
                "nwiz"="nwiz.exe" [2002-08-30 08:06 C:\WINDOWS\system32\nwiz.exe]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
                "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
                "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 13:00]
                "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]
                "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 07:51]

                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-02-10 14:13:38]
                Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 14:04:48]
                KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
                Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                "AppInit_DLLs"=C:\WINDOWS\System32\wmfhotfix.dll

                R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-06 22:27]
                R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
                R3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\System32\DRIVERS\urvpndrv.sys [2005-02-16 12:32]
                S3 f5ipfw;F5 Networks StoneWall Filter;C:\WINDOWS\System32\drivers\urfltw2k.sys [2005-02-16 12:33]

                .
                Inhoud van de 'Gedeelde Taken' map
                "2007-12-18 11:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                "2007-11-16 22:38:31 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
                - C:\WINDOWS\System32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registr ation_7.5.30.2.sxt _RegistrationOffer@16
                .
                **************************************************************************

                catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2007-12-22 13:19:34
                Windows 5.1.2600 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                **************************************************************************
                .
                Voltooingstijd: 2007-12-22 13:21:59
                C:\ComboFix2.txt ... 2007-12-21 00:30

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 13:26:37, on 22-12-2007
                Platform: Windows XP (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 (6.00.2600.0000)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                C:\Program Files\FolderSize\FolderSizeSvc.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\WINDOWS\system32\pctspk.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\vsnpstd.exe
                C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\WINDOWS\System32\ctfmon.exe
                C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                C:\WINDOWS\System32\wuauclt.exe
                C:\WINDOWS\explorer.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
                O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
                O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                O4 - Global Startup: Bluetooth Manager.lnk = ?
                O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
                O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
                O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
                O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                O16 - DPF: {041FA6AB-BA33-498F-AD6D-5913F66801D2} (F5 Networks screen sharing client) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxcli.cab
                O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/cachecleaner.cab
                O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxvpn.cab
                O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://gateway01.thegreenery.com/vdesk/terminal/InstallerControl.cab#version=6020,2007,1001,2146
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
                O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
                O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5InspectionHost.cab
                O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://2006.smgbb.cn/pps/powerplayer.cab
                O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://gateway01.thegreenery.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136
                O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/msrdp.cab
                O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/vdeskctrl.cab
                O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rachelluhh.spaces.live.com/PhotoUpload/MsnPUpld.cab
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                O16 - DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} (F5 Networks 5250 Terminal emulator) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/ur5250x.cab
                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxshost.cab
                O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
                O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5syschk.cab
                O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
                O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://gateway01.thegreenery.com/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140
                O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} (URVNCX Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urvncx.cab
                O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
                O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

                --
                End of file - 11438 bytes



                • #9
                  Delete the following folder:
                  C:\Qoobox

                  Then empty your Recycle Bin.

                  Your Java software is out of date. Older versions have vulnerabilities that give malware the chance to install itself on your system.
                  First follow these steps to uninstall Java and install the newer version:
                  • Download Java Runtime Environment (JRE) 6.3 and save it to your Desktop.
                  • Close all programs that may be open - especially your web browser!
                  • Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the software list.
                  • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                  • Then click Remove or the Change/Remove button.
                  • Repeat this until all older versions are gone.
                  • After removing all older versions, restart your PC.
                  • Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the newest version of Java.


                  Download ATF cleaner (mirror) (made by Atribune)

                  Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                  Double-click ATF cleaner to start the program.
                  On the "Main" tab, tick Select All.
                  Click the Empty Selected button.

                  Do the following if you also use Firefox as a browser:
                  Click the "Firefox" tab and tick Select All.
                  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                  (this removes the tick from "Firefox saved passwords" again)
                  Click the Empty Selected button.

                  Do the following if you also use Opera as a browser:
                  Click the "Opera" tab and tick Select All.
                  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                  Click the Empty Selected button.
                  Go to the "Main" tab and click the Exit button to close the program.

                  Go to Start - Run (Uitvoeren) and enter the following:
                  Combofix /U
                  Then press OK.
                  Note: There must be a space between Combofix and /U.

                  This will uninstall Combofix.

                  Turn off System Restore. Restart the computer. Turn System Restore back on.
                  See here how to turn off System Restore.
                  This removes any remnants of the infections from your System Restore.

                  Finally, post a new HijackThis log for verification.
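
Added example, not part of the post above and not code from HijackThis or ComboFix: one way to check a follow-up HijackThis log against the earlier one, listing which entries disappeared or appeared and whether any entry still points at a Java directory older than the jre1.6.0_03 that the steps above install. The two sample logs are short excerpts of the logs posted in this thread; the function names and the `MIN_JRE` threshold are assumptions made for the example.

```python
import re
from typing import NamedTuple

# HijackThis entry lines look like: "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
# Java install directories as they appear in these logs, e.g. jre1.5.0_06.
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)

# Assumption for this example: the version installed by the steps above.
MIN_JRE = (1, 6, 0, 3)


class Entry(NamedTuple):
    code: str  # section code such as R0, O2, O4, O23
    body: str  # remainder of the log line


def parse_entries(log_text):
    """Return the set of entries (R0, O2, O4, ...) found in a HijackThis log.

    The header and the 'Running processes' list do not match ENTRY_RE
    and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add(Entry(match.group("code"), match.group("body")))
    return entries


def jre_versions(entries):
    """Map each Java version referenced in an entry path to those entries."""
    found = {}
    for entry in entries:
        for match in JRE_RE.finditer(entry.body):
            version = tuple(int(group) for group in match.groups())
            found.setdefault(version, []).append(entry)
    return found


def compare_logs(before_text, after_text, minimum_jre=MIN_JRE):
    """Diff two logs and flag entries that still reference an older Java."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    stale = {
        version: found
        for version, found in jre_versions(after).items()
        if version < minimum_jre
    }
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "stale_java": stale,
    }


# Excerpt of the log saved at 13:26:37 on 22-12-2007 (from this thread).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

# Excerpt of the log saved at 16:05:13 on 22-12-2007 (from this thread).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

if __name__ == "__main__":
    report = compare_logs(BEFORE_LOG, AFTER_LOG)
    for label in ("removed", "added"):
        for entry in report[label]:
            print(f"{label:8} {entry.code} - {entry.body}")
    if report["stale_java"]:
        for version, found in sorted(report["stale_java"].items()):
            print("still references Java", version, "in", len(found), "entries")
    else:
        print("no entry references a Java older than", MIN_JRE)
```
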



                  • #10
                    Hello,
                    I saw that a shortcut from Combofix had been left behind.
                    Hopefully everything is gone nonetheless.
                    Regards,

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 16:05:13, on 22-12-2007
                    Platform: Windows XP (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                    C:\Program Files\FolderSize\FolderSizeSvc.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                    C:\WINDOWS\System32\nvsvc32.exe
                    C:\WINDOWS\system32\pctspk.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\vsnpstd.exe
                    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
                    C:\Program Files\QuickTime\qttask.exe
                    C:\Program Files\iTunes\iTunesHelper.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\Program Files\Messenger\msmsgs.exe
                    C:\WINDOWS\System32\ctfmon.exe
                    C:\Program Files\iPod\bin\iPodService.exe
                    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
                    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
                    C:\WINDOWS\System32\wuauclt.exe
                    C:\Program Files\Microsoft Office\Office10\msoffice.exe
                    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
                    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
                    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
                    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                    O4 - Global Startup: Bluetooth Manager.lnk = ?
                    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
                    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                    O16 - DPF: {041FA6AB-BA33-498F-AD6D-5913F66801D2} (F5 Networks screen sharing client) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxcli.cab
                    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/cachecleaner.cab
                    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxvpn.cab
                    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://gateway01.thegreenery.com/vdesk/terminal/InstallerControl.cab#version=6020,2007,1001,2146
                    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
                    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
                    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5InspectionHost.cab
                    O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://2006.smgbb.cn/pps/powerplayer.cab
                    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                    O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://gateway01.thegreenery.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136
                    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                    O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/msrdp.cab
                    O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/vdeskctrl.cab
                    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rachelluhh.spaces.live.com/PhotoUpload/MsnPUpld.cab
                    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                    O16 - DPF: {B8693DEF-98AC-43FC-AA00-E7D728334C80} (F5 Networks 5250 Terminal emulator) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/ur5250x.cab
                    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urxshost.cab
                    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
                    O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/f5syschk.cab
                    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
                    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://gateway01.thegreenery.com/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140
                    O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} (URVNCX Class) - file://C:/DOCUME~1/Frank/LOCALS~1/Temp/F5_TMP/urvncx.cab
                    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
                    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

                    --
                    End of file - 12041 bytes



                    • #11
                      The log looks good.

                      Go ahead and delete that shortcut.



                      • #12
                        Smeenk, thanks for your clear and quick response!



                        • #13
                          You're welcome!
