  • AVG detects 2 viruses

    My father's laptop is running very slowly compared to before.
    I have already scanned with Spybot and with Ad-Aware.
    Every time at startup, AVG says that two viruses have been detected, namely:
    C:\Windows\system32\d3dpmeshk.dll and
    C:\Windows\system32\dhcpcsvcw.dll
    I searched around on the Internet, but found no results about these.
    So I am asking for your help...
    I am posting the HijackThis log below.
    Thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:56:42, on 27/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\gcc.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3694E8C1-1329-473F-97E8-6665ADC27AFF} - C:\WINDOWS\system32\d3dpmeshk.dll
    O2 - BHO: (no name) - {4AA34498-0D2A-48C6-A6DC-9D1C15B7394B} - c:\windows\system32\dhcpcsvcw.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [ccApp] -
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://10.20.147.2/msrdp.cab
    O20 - Winlogon Notify: ideusr50 - ideusr50.dll (file missing)
    O20 - Winlogon Notify: yebbvatl - C:\WINDOWS\SYSTEM32\dhcpcsvcw.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6682 bytes

  • #2
    Start HijackThis once more, choose "Do a system scan only" and put a check mark only in front of the following lines:
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\gcc.exe,
    O2 - BHO: (no name) - {3694E8C1-1329-473F-97E8-6665ADC27AFF} - C:\WINDOWS\system32\d3dpmeshk.dll
    O2 - BHO: (no name) - {4AA34498-0D2A-48C6-A6DC-9D1C15B7394B} - c:\windows\system32\dhcpcsvcw.dll
    O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe
    O20 - Winlogon Notify: ideusr50 - ideusr50.dll (file missing)
    O20 - Winlogon Notify: yebbvatl - C:\WINDOWS\SYSTEM32\dhcpcsvcw.dll

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open, in which a few lines about files not being found will quickly scroll by; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore it.

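    As an added example (not part of the original thread), the triage the helper did by hand in the post above, written as Python rules over HijackThis log lines. The sample excerpt is constructed from the lines posted in this thread; the Winlogon Notify allow-list and the set of system binary names are this example's own assumptions and need extending for the build being audited. Beyond the six lines the helper ticked, the rules also flag the "FCI" service, whose image path (svchost.exe:ext.exe) is an NTFS alternate data stream on svchost.exe.

```python
# Constructed excerpt: the relevant lines from the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\gcc.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3694E8C1-1329-473F-97E8-6665ADC27AFF} - C:\WINDOWS\system32\d3dpmeshk.dll
O2 - BHO: (no name) - {4AA34498-0D2A-48C6-A6DC-9D1C15B7394B} - c:\windows\system32\dhcpcsvcw.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe
O20 - Winlogon Notify: ideusr50 - ideusr50.dll (file missing)
O20 - Winlogon Notify: yebbvatl - C:\WINDOWS\SYSTEM32\dhcpcsvcw.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
"""

# Names of Windows system processes that malware likes to borrow; a copy outside
# %SystemRoot%\system32 is suspicious. (Assumption: this example's own list.)
SYSTEM_BINARY_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "smss.exe"}

# Winlogon Notify packages normally present on Windows XP. (Assumption: a partial
# allow-list; extend it for the build you are auditing.)
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui", "atiextevent"}

TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


def _o4_path(line):
    """'O4 - HKLM\\..\\Run: [Name] C:\\x.exe /arg' -> 'c:\\x.exe /arg' (lower-cased)."""
    return line.split("] ", 1)[1].strip().lower() if "] " in line else ""


def triage_hjt(log_text):
    """Return a list of (hjt_section, reason, line) for entries worth fixing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        section = line.split(" ", 1)[0]
        reason = None
        if section == "F2" and "userinit=" in low:
            # UserInit must be exactly "<system32>\userinit.exe,"; every extra entry
            # is executed at logon before the shell starts.
            value = line.split("UserInit=", 1)[1]
            entries = [e.strip() for e in value.split(",") if e.strip()]
            if len(entries) != 1 or not entries[0].lower().endswith("\\system32\\userinit.exe"):
                reason = "UserInit chain has extra entries: " + ", ".join(entries[1:])
        elif section == "O2" and "(no name)" in low:
            reason = "BHO with no name"
        elif section == "O4":
            path = _o4_path(line)
            base = path.split("\\")[-1].split(" ")[0]
            if any(m in path for m in TEMP_MARKERS):
                reason = "autorun from a temporary directory"
            elif base in SYSTEM_BINARY_NAMES and "\\system32\\" not in path:
                reason = "system binary name outside system32"
        elif section == "O20" and "winlogon notify:" in low:
            name = line.split("Notify: ", 1)[1].split(" - ", 1)[0].strip().lower()
            if "(file missing)" in low:
                reason = "dangling Winlogon Notify entry"
            elif name not in KNOWN_NOTIFY:
                reason = "Winlogon Notify package not on the allow-list"
        elif section == "O23":
            path = line.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            problems = []
            if "unknown owner" in low:
                problems.append("unknown owner")
            if "(file missing)" in low:
                problems.append("file missing")
            if path.count(":") > 1:  # drive colon plus a second one: NTFS ADS
                problems.append("binary path is an NTFS alternate data stream")
            if problems:
                reason = "service: " + "; ".join(problems)
        if reason:
            findings.append((section, reason, line))
    return findings


def fix_list(log_text):
    """The exact lines to tick in HijackThis ('Do a system scan only' -> 'Fix checked')."""
    return [line for _, _, line in triage_hjt(log_text)]


if __name__ == "__main__":
    for section, reason, line in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{section:4} {reason}\n     {line}")
```

    Note that "Fix checked" on an O23 line only stops and disables the service; the service key and its alternate data stream still have to be removed, which is what the ComboFix step below is for.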


    • #3
      Thanks in advance for all the help!

      Combofix

      ComboFix 07-12-27.1 - Administrator 2007-12-27 14:00:06.2 - NTFSx86
      Running from: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      C:\WINDOWS\system32\ksl48.bin
      C:\WINDOWS\Temp\460624263.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_FCI
      -------\LEGACY_IDERSRVC
      -------\LEGACY_PROTECT
      -------\LEGACY_SYSLIBRARY
      -------\FCI
      -------\idersrvc
      -------\protect
      -------\SysLibrary




      (((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))
      .

      2007-12-27 12:48 . 2007-12-27 12:48 <DIR> d-------- C:\RVAXO
      2007-12-27 12:38 . 2007-12-27 12:48 107,980 --a------ C:\RVAXO.reg
      2007-12-27 11:15 . 2007-12-27 12:15 572,339 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-27 11:15 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-27 11:15 . 2007-12-13 16:46 7,048 --a------ C:\WINDOWS\system32\fixp.bat
      2007-12-27 10:56 . 2007-12-27 10:56 <DIR> d-------- C:\Program Files\Trend Micro
      2007-12-24 12:01 . 2007-12-27 09:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
      2007-12-24 11:59 . 2007-12-24 11:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
      2007-12-24 11:58 . 2007-12-24 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2007-12-24 11:58 . 2007-12-24 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
      2007-12-24 11:47 . 2007-12-24 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-24 11:29 . 2007-12-24 11:29 <DIR> d-------- C:\Program Files\Lavasoft
      2007-12-24 11:29 . 2007-12-24 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2007-12-24 11:28 . 2007-12-24 11:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-16 20:45 . 2007-12-16 20:45 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
      2007-12-16 20:45 . 2007-12-16 20:45 741,632 --a------ C:\WINDOWS\system32\kamrtgrh.dat
      2007-12-16 20:45 . 2007-12-16 20:45 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
      2007-12-16 20:45 . 2007-12-26 09:19 120,576 --a------ C:\WINDOWS\system32\emaqvlju.dat
      2007-12-16 20:45 . 2007-12-21 17:13 42,240 --a------ C:\WINDOWS\system32\vbmtdgeq.dat
      2007-12-16 20:45 . 2007-12-16 20:45 36,096 --a------ C:\WINDOWS\system32\sbvokdxj.dat
      2007-12-16 20:45 . 2007-12-16 20:45 35,072 --a------ C:\WINDOWS\system32\sanooioo.dat
      2007-12-16 20:23 . 2007-12-26 21:33 <DIR> d-------- C:\WINDOWS\system32\AppCert
      2007-12-16 20:23 . 2007-12-24 11:20 84,992 --a------ C:\WINDOWS\system32\dhcpcsvcw.dll.bak
      2007-12-16 20:23 . 2007-12-26 09:31 84,992 --a------ C:\WINDOWS\system32\dhcpcsvcw.dll
      2007-12-16 20:23 . 19,584 C:\WINDOWS\system32\drivers\koyuhtax.dat
      2007-12-16 20:22 . 2004-08-04 09:00 84,992 --a------ C:\WINDOWS\system32\d3dpmeshk.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-16 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2007-11-16 19:28 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
      2007-11-16 19:28 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3694E8C1-1329-473F-97E8-6665ADC27AFF}]
      2004-08-04 09:00 84992 --a------ C:\WINDOWS\system32\d3dpmeshk.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA34498-0D2A-48C6-A6DC-9D1C15B7394B}]
      2007-12-26 09:31 84992 --a------ c:\windows\system32\dhcpcsvcw.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-21 13:16]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-21 13:11]
      "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 C:\WINDOWS\AGRSMMSG.exe]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-06-10 21:27]
      "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
      "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 00:05]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38]
      "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
      "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28]
      "hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 16:23]
      "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 17:44]
      "ccApp"="-"
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 12:03]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 11:59]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yebbvatl]
      dhcpcsvcw.dll 2007-12-26 09:31 84992 C:\WINDOWS\system32\dhcpcsvcw.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^DVD Check.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\DVD Check.lnk
      backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      C:\Program Files\Messenger\msmsgs.exe /background

      R0 imlcdeib;imlcdeib;C:\WINDOWS\system32\drivers\koyuhtax.dat
      R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 17:26]
      S2 jxfjpkba;IP in IP Tunnel Controller;C:\WINDOWS\System32\svchost.exe [2007-11-16 20:28]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      jxfjpkba

      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-27 14:02:19
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?1?6?3??????? ???B???????????????B? ??????

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2007-12-27 14:02:55

      I no longer get those AVG warnings, so the problem seems to be solved.
      I will post another HijackThis log later.

      Thanks again for the help!!! Happy holidays and a wonderful 2008 to you!
      Last edited by megarainman; 27-12-07, 13:15.



      • #4
        Did you also get a log from RVAXO? C:\RVAXO-results.log
        Post that one too.

        Download the attachment: CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:

        This will make ComboFix restart.
        Reboot if asked to,
        and post the contents of Combofix.txt in your next reply.
        Also post a new HijackThis log.
        Attached Files



        • #5
          RVAXO log (sorry, completely forgot)

          ----------------RVAXO.exe first run-------------

          Files found:


          Uninstallers Rogue scanners:


          Folders Found:


          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          Folders Found:

          --------------RVAXO.exe finished----------------

          Combofix.txt
          ComboFix 07-12-27.1 - Administrator 2007-12-27 14:58:14.3 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.201 [GMT 1:00]
          Running from: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\cfscript.txt

          FILE
          C:\WINDOWS\system32\d3dpmeshk.dll
          C:\WINDOWS\system32\dhcpcsvcw.dll
          C:\WINDOWS\system32\dhcpcsvcw.dll.bak
          C:\WINDOWS\system32\drivers\koyuhtax.dat
          C:\WINDOWS\system32\emaqvlju.dat
          C:\WINDOWS\system32\kamrtgrh.dat
          C:\WINDOWS\system32\sanooioo.dat
          C:\WINDOWS\system32\sbvokdxj.dat
          C:\WINDOWS\system32\vbmtdgeq.dat
          .

          (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\AppCert
          C:\WINDOWS\system32\AppCert\filter.drv
          C:\WINDOWS\system32\AppCert\options.dat
          C:\WINDOWS\system32\AppCert\prx93f.dll
          C:\WINDOWS\system32\AppCert\wsil32.dll
          C:\WINDOWS\system32\d3dpmeshk.dll
          C:\WINDOWS\system32\dhcpcsvcw.dll
          C:\WINDOWS\system32\dhcpcsvcw.dll.bak
          C:\WINDOWS\system32\drivers\koyuhtax.dat
          C:\WINDOWS\system32\emaqvlju.dat
          C:\WINDOWS\system32\kamrtgrh.dat
          C:\WINDOWS\system32\sanooioo.dat
          C:\WINDOWS\system32\sbvokdxj.dat
          C:\WINDOWS\system32\vbmtdgeq.dat

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_IMLCDEIB
          -------\LEGACY_JXFJPKBA
          -------\imlcdeib
          -------\jxfjpkba


          (((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))
          .

          2007-12-27 14:12 . 2007-12-27 15:01 <DIR> d-------- C:\RVAXO
          2007-12-27 11:15 . 2007-12-27 12:15 572,339 --a------ C:\WINDOWS\system32\RVAXO.bat
          2007-12-27 11:15 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2007-12-27 10:56 . 2007-12-27 10:56 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-24 12:01 . 2007-12-27 14:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
          2007-12-24 11:59 . 2007-12-24 11:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
          2007-12-24 11:58 . 2007-12-24 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2007-12-24 11:58 . 2007-12-24 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
          2007-12-24 11:47 . 2007-12-24 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-24 11:29 . 2007-12-24 11:29 <DIR> d-------- C:\Program Files\Lavasoft
          2007-12-24 11:29 . 2007-12-24 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2007-12-24 11:28 . 2007-12-24 11:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2007-12-16 20:45 . 2007-12-16 20:45 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
          2007-12-16 20:45 . 2007-12-16 20:45 246,545 --a------ C:\WINDOWS\system32\libssl32.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-16 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legit default entries are not shown

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-21 13:16]
          "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-21 13:11]
          "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 C:\WINDOWS\AGRSMMSG.exe]
          "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
          "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-06-10 21:27]
          "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
          "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 00:05]
          "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40]
          "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38]
          "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
          "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28]
          "hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 16:23]
          "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 17:44]
          "ccApp"="-"
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 12:03]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 11:59]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^DVD Check.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\DVD Check.lnk
          backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
          backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
          C:\Program Files\Messenger\msmsgs.exe /background

          R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 17:26]

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          jxfjpkba

          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-27 15:01:41
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          HKLM\Software\Microsoft\Windows\CurrentVersion\Run
          Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?1?6?3??????? ???B???????????????B? ??????

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2007-12-27 15:02:16 - machine was rebooted
          C:\ComboFix2.txt ... 2007-12-27 14:02

          HijackThis log

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 15:04:41, on 27/12/2007
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\igfxtray.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\WINDOWS\AGRSMMSG.exe
          C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
          C:\Program Files\Java\jre1.5.0\bin\jusched.exe
          C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
          C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
          C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\HPQ\SHARED\HPQWMI.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
          O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
          O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
          O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
          O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
          O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
          O4 - HKLM\..\Run: [ccApp] -
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: BTTray.lnk = ?
          O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
          O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://10.20.147.2/msrdp.cab
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

          --
          End of file - 6154 bytes


          Thanks again for checking this over!!!

          The folder C:/Qoobox, may it be deleted?
          Last edited by megarainman; 27-12-07, 14:07.



          • #6
            Could you also upload the following 2 files to VirusTotal ( http://www.virustotal.com/ ) to have them scanned:
            C:\WINDOWS\system32\libeay32.dll
            C:\WINDOWS\system32\libssl32.dll

            Wait patiently for the scan results and then copy them into your next post.



            • #7
              Bestand libssl32.dll ontvangen op 2007.12.27 15:18:54 (CET)
              Resultaat: 0/32 (0%)

              Antivirus Versie Laatst geüpdatet Resultaat
              AhnLab-V3 2007.12.27.10 2007.12.26 -
              AntiVir 7.6.0.46 2007.12.27 -
              Authentium 4.93.8 2007.12.27 -
              Avast 4.7.1098.0 2007.12.26 -
              AVG 7.5.0.516 2007.12.26 -
              BitDefender 7.2 2007.12.27 -
              CAT-QuickHeal 9.00 2007.12.27 -
              ClamAV 0.91.2 2007.12.27 -
              DrWeb 4.44.0.09170 2007.12.27 -
              eSafe 7.0.15.0 2007.12.26 -
              eTrust-Vet 31.3.5406 2007.12.27 -
              Ewido 4.0 2007.12.27 -
              FileAdvisor 1 2007.12.27 -
              Fortinet 3.14.0.0 2007.12.27 -
              F-Prot 4.4.2.54 2007.12.26 -
              F-Secure 6.70.13030.0 2007.12.27 -
              Ikarus T3.1.1.15 2007.12.27 -
              Kaspersky 7.0.0.125 2007.12.27 -
              McAfee 5193 2007.12.26 -
              Microsoft 1.3109 2007.12.27 -
              NOD32v2 2750 2007.12.27 -
              Norman 5.80.02 2007.12.27 -
              Panda 9.0.0.4 2007.12.26 -
              Prevx1 V2 2007.12.27 -
              Rising 20.24.32.00 2007.12.27 -
              Sophos 4.24.0 2007.12.27 -
              Sunbelt 2.2.907.0 2007.12.27 -
              Symantec 10 2007.12.27 -
              TheHacker 6.2.9.170 2007.12.26 -
              VBA32 3.12.2.5 2007.12.26 -
              VirusBuster 4.3.26:9 2007.12.26 -
              Webwasher-Gateway 6.6.2 2007.12.27 -
              Extra informatie
              File size: 246545 bytes
              MD5: b6a1121e63e5c9c7a62844373a06e2ff
              SHA1: 0981dcb314b65b71657d0b01966cb256add37557
              PEiD: -


              AND

              Bestand libeay32.dll ontvangen op 2007.12.27 15:15:53 (CET)


              Resultaat: 0/32 (0%)


              Antivirus Versie Laatst geüpdatet Resultaat
              AhnLab-V3 2007.12.27.10 2007.12.26 -
              AntiVir 7.6.0.46 2007.12.27 -
              Authentium 4.93.8 2007.12.27 -
              Avast 4.7.1098.0 2007.12.26 -
              AVG 7.5.0.516 2007.12.26 -
              BitDefender 7.2 2007.12.27 -
              CAT-QuickHeal 9.00 2007.12.27 -
              ClamAV 0.91.2 2007.12.27 -
              DrWeb 4.44.0.09170 2007.12.27 -
              eSafe 7.0.15.0 2007.12.26 -
              eTrust-Vet 31.3.5406 2007.12.27 -
              Ewido 4.0 2007.12.27 -
              FileAdvisor 1 2007.12.27 -
              Fortinet 3.14.0.0 2007.12.27 -
              F-Prot 4.4.2.54 2007.12.26 -
              F-Secure 6.70.13030.0 2007.12.27 -
              Ikarus T3.1.1.15 2007.12.27 -
              Kaspersky 7.0.0.125 2007.12.27 -
              McAfee 5193 2007.12.26 -
              Microsoft 1.3109 2007.12.27 -
              NOD32v2 2750 2007.12.27 -
              Norman 5.80.02 2007.12.27 -
              Panda 9.0.0.4 2007.12.26 -
              Prevx1 V2 2007.12.27 -
              Rising 20.24.32.00 2007.12.27 -
              Sophos 4.24.0 2007.12.27 -
              Sunbelt 2.2.907.0 2007.12.27 -
              Symantec 10 2007.12.27 -
              TheHacker 6.2.9.170 2007.12.26 -
              VBA32 3.12.2.5 2007.12.26 -
              VirusBuster 4.3.26:9 2007.12.26 -
              Webwasher-Gateway 6.6.2 2007.12.27 -
              Extra informatie
              File size: 1188375 bytes
              MD5: 1f495134ec94669eb71fb966d18b8748
              SHA1: 6ee791ef7aacf6179d608c766de26b174e6e86d2
              PEiD: -
              packers: ZIP

              Nothing found, it seems to me?

              May the folder C:\QooBox be deleted?



              • #8
                Then those will be OK.

                Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                This will remove everything belonging to RVAXO.

                Delete the following folder:
                C:\Qoobox

                Then empty your recycle bin.

                Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system.
                First do these steps to uninstall Java and install the newer version:
                • Download Java Runtime Environment (JRE) 6.3 and save it to your Desktop.
                • Close all programs that may be open - especially your web browser!
                • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
                • Check everything with Java Runtime Environment (JRE or J2SE) in the name.
                • Then click Remove or the Change/Remove button.
                • Repeat this until all older versions are gone.
                • After removing all older versions, restart your PC.
                • Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the newest version of Java.


                Download ATF Cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, put a check mark next to Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and put a check mark next to Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the check mark next to "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and put a check mark next to Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: there must be a space between Combofix and /U.

                This will uninstall Combofix.

                Disable System Restore. Restart the computer. Enable System Restore again.
                Look here for how to disable your System Restore.
                This removes any remnants of the infections from your System Restore.

                Finally, post a new HijackThis log so it can be checked.



                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 16:00:01, on 27/12/2007
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                  C:\WINDOWS\system32\wscntfy.exe
                  C:\WINDOWS\system32\igfxtray.exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\WINDOWS\AGRSMMSG.exe
                  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                  C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
                  C:\WINDOWS\system32\dla\tfswctrl.exe
                  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
                  C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                  C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\HPQ\SHARED\HPQWMI.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
                  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                  O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
                  O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                  O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
                  O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
                  O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
                  O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                  O4 - HKLM\..\Run: [ccApp] -
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: BTTray.lnk = ?
                  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                  O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://10.20.147.2/msrdp.cab
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                  O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                  --
                  End of file - 6208 bytes

                  And does this look good?
                  Does this pose any problem?
                  O4 - HKLM\..\Run: [ccApp] -

                  Many thanks in advance for the help!!! Dad will be very happy!
                  Happy holidays!



                  • #10
                    You're welcome

                    this one: O4 - HKLM\..\Run: [ccApp] -
                    looks to me like a leftover from Norton.

                    It can go.
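                    The question in #9 and the answer in #10 turn on two things a helper does by eye: spotting an O4 autostart entry whose command data is empty (HijackThis prints it as `[ccApp] -`, typically a leftover registry value from an uninstalled product) and comparing the before and after logs. The script below is an added example, not a tool from this forum or from Trend Micro: it parses HijackThis-style lines, flags O4 entries with empty command data, and diffs two logs. The two log excerpts inside it are constructed from lines posted in this thread (the first log with jre1.5.0, the second after the Java 6u3 update) and are not the full logs.

```python
"""Parse two HijackThis v2 log excerpts, diff them and flag orphaned autostarts."""
import re
from dataclasses import dataclass

# Constructed excerpts modelled on the two logs posted in this thread
# (before and after the Java update). Not the full logs.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Every HijackThis finding starts with a section code such as R0, O4, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# O4 body layout: "<hive>\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str


def parse_log(text):
    """Return the findings in a log as Entry objects; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def orphan_autostarts(entries):
    """Names of O4 Run values whose command data is empty ('-' in the log)."""
    found = []
    for e in entries:
        if e.section != "O4":
            continue
        m = O4_RE.match(e.body)
        if m and m.group("cmd").strip() in ("", "-"):
            found.append(m.group("name"))
    return found


def diff_logs(before, after):
    """Findings present in only one log, as (removed, added) sorted lists."""
    b = {(e.section, e.body) for e in before}
    a = {(e.section, e.body) for e in after}

    def fmt(items):
        return sorted(f"{sec} - {body}" for sec, body in items)

    return fmt(b - a), fmt(a - b)


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("orphaned O4 entries (review, often uninstall leftovers):",
          orphan_autostarts(after))
    removed, added = diff_logs(before, after)
    print("gone since previous log:", *removed, sep="\n  ")
    print("new since previous log:", *added, sep="\n  ")
```

                    The orphan check only flags entries for review; an empty Run value is harmless on its own, and the helper's judgement (a Norton leftover) still comes from recognising the value name. The diff makes the effect of the Java update visible: the jre1.5.0 lines disappear and the jre1.6.0_03 lines (plus the new SSVHelper BHO) appear, which is exactly what a reader checks the second log for.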



                    • #11
                      Ok, thanks!

                      I'll mark it as solved!
