Mededeling

Collapse
No announcement yet.

Bij AVG scan komt downloader.agent.acl steeds weer terug

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Bij AVG scan komt downloader.agent.acl steeds weer terug

    Op de pc van mijn zoon heb ik nu 2x een AVG scan gedaan deze week en er waren de eerste keer 2 threats met hoog risico gevonden: trojan.inject.du en downloader.agent.acl. Deze heb ik in quarantaine laten plaatsen. Vandaag weer een scan gedaan en blijkt die downloader.agent.acl weer naar voren te komen. Waar ligt dat aan en kan ik hier iets aan doen (voor altijd verwijderen, bedoel ik)?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:31:52, on 3-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\PC-TV\DigitalTV\7049\Agent.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\PC-TV\WinManager\WinManager.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spelle.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F3 - REG:win.ini: run=
    O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
    O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
    O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
    O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
    O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
    O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
    O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
    O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
    O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
    O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
    O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
    O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
    O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
    O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
    O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
    O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
    O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
    O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
    O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
    O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
    O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
    O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
    O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
    O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
    O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
    O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
    O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
    O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
    O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
    O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
    O1 - Hosts: 205.238.40.2 test4.winmxgroup.net
    O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
    O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
    O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
    O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
    O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: 7049.lnk = C:\Program Files\PC-TV\DigitalTV\7049\Agent.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168371449125
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-nl.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{206C3371-A3EB-468E-A909-E8394455627F}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{206C3371-A3EB-468E-A909-E8394455627F}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 15413 bytes
    Paula

  • #2
    C:\System Volume Information\_restore{FB0C3750-ADB0-49A4-B1AA-E06B36F0B425}\RP508\A0071523.sys
    Dit is waar die downloader.agent.acl in gevonden wordt door AVG
    Paula

    Comment


    • #3
      HijackThis log na verwijdering Hitmanpro en draaien Ad-Aware + Spybot

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:14:25, on 9-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\ATKKBService.exe
      C:\Program Files\MSI\Live Update 3\LMonitor.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\PC-TV\DigitalTV\7049\Agent.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\PC-TV\WinManager\WinManager.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\WINDOWS\system32\wisptis.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spelle.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F3 - REG:win.ini: run=
      O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
      O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
      O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
      O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
      O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
      O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
      O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
      O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
      O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
      O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
      O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
      O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
      O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
      O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
      O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
      O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
      O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
      O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
      O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
      O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
      O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
      O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
      O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
      O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
      O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
      O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
      O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
      O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
      O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
      O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
      O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
      O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
      O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
      O1 - Hosts: 205.238.40.2 test4.winmxgroup.net
      O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
      O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
      O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
      O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
      O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
      O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: 7049.lnk = C:\Program Files\PC-TV\DigitalTV\7049\Agent.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O15 - Trusted Zone: http://www.msi.com.tw
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168371449125
      O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
      O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-nl.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{206C3371-A3EB-468E-A909-E8394455627F}: NameServer = 192.168.1.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{206C3371-A3EB-468E-A909-E8394455627F}: NameServer = 192.168.1.1
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
      O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

      --
      End of file - 15825 bytes
      Paula

      Comment


      • #4
        Hoi Paula,

        1. Download HostsXpert 4.0
        • 1. Unzip het programma naar je Bureaublad of een permanente map op je harde schijf.
          2. Open de map en dubbelklik op HostsXpert.exe
          3. Klik op "Restore Microsofts Original Hosts File"
          4. Klik op "OK" en sluit het programma.


        2. Download Combofix naar je bureaublad

        Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

        OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

        Dubbelklik op combofix.exe
        Kies voor "Continue" door 1 te typen gevolgd door ENTER.
        Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

        Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
        Plaats in je volgende antwoord het logje van combofix (combofix.txt) tesamen met een vers Hijackthis log.
        Groet,
        Pimmerd

        Comment


        • #5
          Hoi Pimmerd, ben een weekendje weggeweest vandaar dat ik zo laat reageer.
          Ik heb gedaan zoals je gezegd hebt bij 1. Wanneer ik echter klik op 'Restore Microsofts Original Hosts File' dan krijg ik een foutmelding: Error: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts. Ik ben toen natuurlijk niet doorgegaan met 2.
          Paula

          Comment


          • #6
            Sla stap 1 dan maar even over en post het combofix logje, samen met een Hijackthis logje
            Groet,
            Pimmerd

            Comment


            • #7
              Combofixlogje:

              ComboFix 08-01-15.4 - Feli 2008-01-15 10:15:17.1 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.123 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Feli\Bureaublad\ComboFix.exe
              * Nieuw herstelpunt werd aangemaakt

              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
              .

              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))
              .

              2008-01-15 10:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
              2008-01-14 21:39 . 2008-01-14 21:39 <DIR> dr-h----- C:\Documents and Settings\Feli\Onlangs geopend
              2008-01-14 15:47 . 2008-01-14 15:47 268 --ah----- C:\sqmdata14.sqm
              2008-01-14 15:47 . 2008-01-14 15:47 244 --ah----- C:\sqmnoopt14.sqm
              2008-01-14 15:46 . 2008-01-14 15:46 268 --ah----- C:\sqmdata13.sqm
              2008-01-14 15:46 . 2008-01-14 15:46 244 --ah----- C:\sqmnoopt13.sqm
              2008-01-09 13:55 . 2008-01-15 10:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2008-01-09 13:55 . 2008-01-09 13:55 1,409 --a------ C:\WINDOWS\QTFont.for
              2008-01-03 22:22 . 2008-01-03 22:22 <DIR> d-------- C:\Program Files\Lavasoft
              2008-01-03 22:22 . 2008-01-03 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
              2008-01-03 22:18 . 2008-01-03 22:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
              2008-01-03 21:29 . 2008-01-03 21:29 <DIR> d-------- C:\Program Files\Trend Micro
              2008-01-03 18:04 . 2008-01-03 18:04 304,160 --a------ C:\StiImg.dat
              2008-01-03 18:02 . 2008-01-03 18:02 <DIR> dr-h----- C:\Documents and Settings\LocalService\Onlangs geopend
              2008-01-03 18:02 . 2008-01-03 18:02 <DIR> dr------- C:\Documents and Settings\LocalService\Mijn documenten
              2008-01-02 23:19 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
              2008-01-02 23:18 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
              2008-01-02 23:16 . 2005-01-14 09:32 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
              2008-01-02 23:12 . 2008-01-02 23:12 <DIR> d-------- C:\WINDOWS\PixArt
              2008-01-02 23:12 . 2008-01-02 23:12 <DIR> d-------- C:\Program Files\Trust
              2008-01-02 23:12 . 2008-01-02 23:12 <DIR> d-------- C:\Program Files\Common Files\PCCamera
              2008-01-02 23:11 . 2008-01-02 23:11 <DIR> d-------- C:\WINDOWS\Downloaded Installations
              2008-01-02 23:11 . 2008-01-02 23:11 <DIR> d-------- C:\download
              2007-12-31 13:51 . 2007-12-31 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2007-12-31 12:17 . 2007-12-31 12:17 <DIR> d-------- C:\Documents and Settings\Feli\Application Data\Apple Computer
              2007-12-27 21:58 . 2007-12-27 21:58 <DIR> d-------- C:\Program Files\Alcohol Soft
              2007-12-27 21:50 . 2007-12-27 21:50 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
              2007-12-25 18:55 . 2007-12-25 18:56 <DIR> d-------- C:\Program Files\QuickTime
              2007-12-25 18:55 . 2007-12-25 18:55 <DIR> d-------- C:\Program Files\Apple Software Update
              2007-12-25 18:55 . 2007-12-25 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
              2007-12-25 18:55 . 2007-12-25 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
              2007-12-15 11:06 . 2007-12-15 11:06 268 --ah----- C:\sqmdata12.sqm
              2007-12-15 11:06 . 2007-12-15 11:06 244 --ah----- C:\sqmnoopt12.sqm

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-15 09:07 --------- d-----w C:\Program Files\Mozilla Thunderbird
              2008-01-03 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-01-03 21:05 --------- d-----w C:\Program Files\Hitman Pro
              2008-01-03 21:03 --------- d-----w C:\Documents and Settings\Feli\Application Data\Lavasoft
              2008-01-02 22:30 --------- d-----w C:\Documents and Settings\Feli\Application Data\Arcsoft
              2008-01-02 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-01-02 22:18 --------- d-----w C:\Program Files\ArcSoft
              2007-12-28 23:01 --------- d-----w C:\Program Files\dvdSanta
              2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
              2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
              2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
              2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
              2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
              1765-03-27 19:11 4,263 --sh--w C:\WINDOWS\windllreg1c.sys
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
              "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 15:12 68856]
              "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080]
              "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
              "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
              "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
              "SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
              "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
              "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 16:01 496640]
              "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
              "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              7049.lnk - C:\Program Files\PC-TV\DigitalTV\7049\Agent.exe [2006-08-17 15:34:49]
              Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]
              Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
              WinManager.lnk - C:\Program Files\PC-TV\WinManager\WinManager.exe [2006-08-17 15:34:35]

              R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 18:06]
              R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
              R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
              S3 cel90xbe;cel90xbe;C:\DOCUME~1\Feli\LOCALS~1\Temp\cel90xbe.sys
              S3 UDTT7049A;DTV-DVB 7049A DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\UDTT7049A.sys [2006-02-16 10:23]

              .
              Inhoud van de 'Gedeelde Taken' map
              "2007-12-25 17:55:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
              "2007-12-30 12:04:54 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
              - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registr ation_7.5.30.2.sxt [email protected]
              "2008-01-15 09:24:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
              - C:\Program Files\Windows Defender\MpCmdRun.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-15 10:22:36
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-01-15 10:28:31 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-01-15 09:28:26
              .
              2008-01-14 14:51:16 --- E O F ---
              Paula

              Comment


              • #8
                HijackThislogje:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 10:54:57, on 15-1-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Windows Defender\MsMpEng.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\ATKKBService.exe
                C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                C:\WINDOWS\system32\nvsvc32.exe
                C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                C:\WINDOWS\System32\PAStiSvc.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\Program Files\Windows Defender\MSASCui.exe
                C:\WINDOWS\system32\RUNDLL32.EXE
                C:\WINDOWS\SOUNDMAN.EXE
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\WINDOWS\system32\rundll32.exe
                C:\Program Files\MSI\Live Update 3\LMonitor.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\Program Files\PC-TV\DigitalTV\7049\Agent.exe
                C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                C:\Program Files\PC-TV\WinManager\WinManager.exe
                C:\Program Files\MSN Messenger\usnsvc.exe
                C:\WINDOWS\system32\notepad.exe
                C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spelle.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
                O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
                O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Global Startup: 7049.lnk = C:\Program Files\PC-TV\DigitalTV\7049\Agent.exe
                O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
                O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O15 - Trusted Zone: http://www.msi.com.tw
                O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
                O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168371449125
                O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
                O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-nl.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                O17 - HKLM\System\CCS\Services\Tcpip\..\{206C3371-A3EB-468E-A909-E8394455627F}: NameServer = 192.168.1.1
                O17 - HKLM\System\CS1\Services\Tcpip\..\{206C3371-A3EB-468E-A909-E8394455627F}: NameServer = 192.168.1.1
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
                O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
                O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
                O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

                --
                End of file - 11041 bytes
                Paula

                Comment


                • #9
                  Start Hijackthis, kies hier voor 'Open the misc tools section '.
                  Klik nu op Delete an NT service. Er opent een popup venster.
                  Kopieer/plak of typ dikgedrukt onderstaande tekst in de popup:

                  NOD32krn
                  Klik vervolgens op OK.

                  Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                  Kijk hier hoe je je systeemherstel moet uitschakelen.
                  Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                  In het systeemherstel bevond de trojan zich ook, deze is nu verwijderd
                  Hoe is het met je problemen inmiddels?
                  Groet,
                  Pimmerd

                  Comment


                  • #10
                    Ik heb gedaan wat je zei, maar krijg weer een foutbericht: the service NOD32krn is enabled and/or running. Disable it first, using HijackThis itself (from the scan results) or the services.msc window.
                    Moet ik die 023 NOD32krn aanvinken en fixen in de HTlog?
                    Paula

                    Comment


                    • #11
                      Ga naar start --> uitvoeren en typ daar:services.msc
                      Zoek in de lijst naar NOD32 Kernel Service

                      Dubbelklik hierop en stop de service. Zet het opstarttype op uitgeschakeld. Klik vervolgens op toepassen en daarna op Ok.

                      Reset nu je systeemherstel via bovenstaande instructies.

                      De Java software op je computer is verouderd.
                      Oudere versies hebben lekken die malware de kans geeft om zich te installeren.
                      Voer eerst onderstaane stappen uit om Java te deïnstalleren en de nieuwste versie te installeren:
                      Download Java Runtime Environment (JRE) 6u4.
                      • Scroll omlaag naar : "Java Runtime Environment (JRE) 6u4".
                      • Klik op de "Download" knop aan de rechterkant.
                      • In het uitklapmenu rechts naast Platform, selecteer Windows
                      • Vink aan: "[b]I agree to the Java SE Runtime Environment 6 License Agreement[/i]", en klik op Continue.
                      • De pagina zal herladen.
                      • Klik op de jre-6u4-windows-i586-p.exe link ONDER Windows Offline Installation en bewaar het naar je Bureaublad.
                      • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                      • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                      • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                      • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                      • Herhaal dit tot alle oudere versies verdwenen zijn.
                      • Na het verwijderen van alle oudere versies, herstart je pc.
                      • Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                      Post een Hijackthis logfile ter controle.
                      Hoe is het met de problemen?
                      Groet,
                      Pimmerd

                      Comment


                      • #12
                        Alles gedaan zoals je gezegd hebt. Vraag me alleen af of ik nog die NOD32krn moet verwijderen met de Delete an NT service? Ik heb met deze pc (van mijn zoon) verder geen problemen, vind hem traag in vergelijking met mijn pc (als die het zou doen, want die ligt op dit moment helemaal plat), maar dat heeft ws meer met hoeveelheid geheugen te maken en niet zozeer met spy/malware.

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 19:15:29, on 19-1-2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Windows Defender\MsMpEng.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\ATKKBService.exe
                        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                        C:\WINDOWS\system32\nvsvc32.exe
                        C:\WINDOWS\System32\PAStiSvc.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        C:\Program Files\Windows Defender\MSASCui.exe
                        C:\WINDOWS\system32\RUNDLL32.EXE
                        C:\WINDOWS\SOUNDMAN.EXE
                        C:\Program Files\QuickTime\qttask.exe
                        C:\Program Files\MSI\Live Update 3\LMonitor.exe
                        C:\WINDOWS\system32\rundll32.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                        C:\Program Files\PC-TV\DigitalTV\7049\Agent.exe
                        C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                        C:\Program Files\PC-TV\WinManager\WinManager.exe
                        C:\Program Files\MSN Messenger\usnsvc.exe
                        C:\WINDOWS\system32\msiexec.exe
                        C:\Program Files\Internet Explorer\IEXPLORE.EXE
                        C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spelle.nl/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                        O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
                        O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O4 - Global Startup: 7049.lnk = C:\Program Files\PC-TV\DigitalTV\7049\Agent.exe
                        O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                        O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
                        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O15 - Trusted Zone: http://www.msi.com.tw
                        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                        O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                        O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                        O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
                        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168371449125
                        O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
                        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                        O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
                        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
                        O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-nl.cab
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
                        O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                        O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{206C3371-A3EB-468E-A909-E8394455627F}: NameServer = 192.168.1.1
                        O17 - HKLM\System\CS1\Services\Tcpip\..\{206C3371-A3EB-468E-A909-E8394455627F}: NameServer = 192.168.1.1
                        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
                        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                        O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
                        O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
                        O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

                        --
                        End of file - 10536 bytes
                        Paula

                        Comment


                        • #13
                          Heb nog een vraagje. Ik zie: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe staan maar dat zou eigenlijk met Hitmanpro verwijderd moeten zijn. Heb helemaal niets meer met Spy Sweeper op deze pc. Staat niet bij de software of ergens anders. Kan ik die nog verwijderen?

                          En wat is dit: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)?
                          En deze: O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
                          O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
                          O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

                          En in het combofix logje stond dit nog (de emoticon heb jij er ws achter gezet?):
                          S3 cel90xbe;cel90xbe;C:\DOCUME~1\Feli\LOCALS~1\Temp\cel90xbe.sys
                          Last edited by Aluap; 19-01-08, 19:34.
                          Paula

                          Comment


                          • #14
                            De traagheid van je PC komt mede doordat er nu twee virusscanners stonden, NOD32 en Avast.
                            NOD32 was een restje van Hitman Pro, dat is nu verwijderd. Verder zie ik nog twee realtime scanners draaien, de kans is groot dat deze de traagheid veroorzaken, Teatimer en Windows Defender. Maak dus een keuze tussen deze en verwijder de andere of laat deze niet realtime draaien.

                            SpySweeper moet je normaal gezien kunnen verwijderen via software. Anders kan je het best Spysweeper even opnieuw
                            downloaden en installeren. Deze dan wel verwijderen via software.

                            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)?
                            Is een loze regel van Windows Live Call, kan je fixen met Hijackthis.

                            En deze: O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
                            O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
                            O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
                            Mogelijk zijn de (file missing) bestanden erachter foutjes van Hijackthis. Indien je Spyware Doctor niet meer
                            hebt geinstalleerd, kan je het beste de volgende services uitschakelen via services.msc
                            Spyware Doctor Service
                            Spyware Doctor Auxiliary Service


                            Normaal gezien kan je dan deze map verwijderen: C:\Program Files\Spyware Doctor
                            Mocht dit niet lukken, kan je deze het beste in veilige modus even verwijderen.

                            S3 cel90xbe;cel90xbe;C:\DOCUME~1\Feli\LOCALS~1\Temp\cel90xbe.sys
                            Die smile komt door de forumsoftware, die parst automatisch tekens om naar smilies.
                            Die file is gewoon legiem
                            Groet,
                            Pimmerd

                            Comment


                            • #15
                              Teatimer ken ik niet, zie het ook niet staan: heeft het misschien een andere naam? Heb het via zoekfunctie gevonden: is van Spybot Search & Destroy. Dus heb ik Windows defender verwijderd van de pc.

                              Ik had via services.msc spyware doctor uitgeschakeld (beiden), maar toen wilde internet explorer niet meer opstarten. Heb ze daarna weer ingeschakeld en toen kon ik weer op internet. Wat kan ik hieraan doen?
                              Last edited by Aluap; 19-01-08, 20:39.
                              Paula

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X