Unsolicited popups


  • Unsolicited popups

    Hello everyone,
    IE is opening lots of pages with all kinds of advertising without being asked.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:16:32, on 14-1-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Bash knob] "C:\ProgramData\BurnWaveWave.brto5w"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 7727 bytes

  • #2
    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.


    • #3
      ComboFix 08-01-16.4 - Corien 2008-01-16 18:37:33.1 - NTFSx86
      Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.319 [GMT 1:00]
      Gestart vanuit: C:\Users\Corien\Desktop\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))
      .

      2008-01-16 18:36 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
      2008-01-14 21:28 . 2008-01-16 11:38 <DIR> d-------- C:\Downloads
      2008-01-14 21:24 . 2008-01-14 21:24 <DIR> d-------- C:\Program Files\BitComet
      2008-01-14 20:53 . 2008-01-14 21:16 <DIR> d-------- C:\HJT
      2008-01-14 20:47 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
      2008-01-14 19:54 . 2008-01-14 21:03 <DIR> d-a------ C:\Users\All Users\TEMP
      2008-01-14 19:54 . 2008-01-14 21:03 <DIR> d-a------ C:\ProgramData\TEMP
      2008-01-14 11:34 . 2008-01-16 10:41 <DIR> d-------- C:\Program Files\SPAMfighter
      2008-01-14 11:34 . 2008-01-14 11:34 <DIR> d-------- C:\Program Files\Common Files\Application
      2008-01-14 11:34 . 2008-01-14 11:34 <DIR> d-------- C:\Program Files\Common Files\Ankiro
      2008-01-12 15:59 . 2008-01-16 10:47 <DIR> d-------- C:\Users\All Users\Memo save stupid creative
      2008-01-12 15:59 . 2008-01-16 10:47 <DIR> d-------- C:\Users\All Users\Blue flaw wipe
      2008-01-12 15:59 . 2008-01-16 10:47 <DIR> d-------- C:\ProgramData\Memo save stupid creative
      2008-01-12 15:59 . 2008-01-16 10:47 <DIR> d-------- C:\ProgramData\Blue flaw wipe
      2008-01-11 13:44 . 2008-01-12 16:40 <DIR> d-------- C:\ds spellen
      2008-01-10 13:38 . 2008-01-10 13:38 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
      2008-01-10 13:38 . 2008-01-10 13:38 216,760 --a------ C:\Windows\System32\drivers\netio.sys
      2008-01-10 13:38 . 2008-01-10 13:38 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
      2008-01-10 13:38 . 2008-01-10 13:38 24,064 --a------ C:\Windows\System32\netcfg.exe
      2008-01-10 13:38 . 2008-01-10 13:38 22,016 --a------ C:\Windows\System32\netiougc.exe
      2008-01-10 13:37 . 2008-01-10 13:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-01-10 13:37 . 2008-01-10 13:37 1,686,016 --a------ C:\Windows\System32\gameux.dll
      2008-01-10 13:37 . 2008-01-10 13:37 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-01-10 13:37 . 2008-01-10 13:37 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
      2008-01-10 13:37 . 2008-01-10 13:37 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
      2008-01-10 13:37 . 2008-01-10 13:37 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
      2008-01-10 13:37 . 2008-01-10 13:37 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
      2008-01-10 13:37 . 2008-01-10 13:37 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
      2008-01-10 13:37 . 2008-01-10 13:37 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
      2008-01-10 13:36 . 2008-01-10 13:36 11,776 --a------ C:\Windows\System32\sbunattend.exe
      2008-01-06 21:13 . 2008-01-06 21:13 <DIR> d-------- C:\My Downloads
      2008-01-06 21:13 . 2006-11-12 11:39 483,328 --a------ C:\Windows\System32\actskn45.ocx
      2007-12-27 19:48 . 2007-12-27 19:48 <DIR> d-------- C:\Users\All Users\CyberLink
      2007-12-27 19:48 . 2007-12-27 19:48 <DIR> d-------- C:\ProgramData\CyberLink
      2007-12-27 19:48 . 2008-01-16 10:40 <DIR> d-------- C:\MDT
      2007-12-27 14:56 . 2007-12-27 14:56 108,144 --a------ C:\Windows\System32\CmdLineExt.dll
      2007-12-27 14:51 . 2007-12-27 14:51 <DIR> d-------- C:\Program Files\Electronic Arts

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-14 19:47 --------- d-----w C:\ProgramData\Grisoft
      2008-01-13 13:20 --------- d-----w C:\ProgramData\Roxio
      2008-01-10 12:44 --------- d-----w C:\Program Files\Windows Sidebar
      2008-01-10 12:44 --------- d-----w C:\Program Files\Windows Mail
      2008-01-10 12:37 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-01-10 12:37 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-01-10 12:37 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-01-10 12:37 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2007-12-21 09:06 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
      2007-12-12 18:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2007-12-12 18:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2007-12-12 18:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2007-12-12 18:17 824,832 ----a-w C:\Windows\System32\wininet.dll
      2007-12-12 18:17 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2007-12-12 18:17 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2007-12-12 18:17 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2007-12-12 18:16 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
      2007-12-12 18:16 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
      2007-12-12 18:16 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
      2007-12-12 18:16 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
      2007-12-12 18:15 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2007-12-12 18:15 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
      2007-12-12 17:59 --------- d-----w C:\Program Files\Disney's Sneeuwwitje in Het Toverboekspel
      2007-12-12 17:56 --------- d-----w C:\Program Files\Disney's Keizer Kuzco
      2007-12-09 16:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-09 16:51 --------- d-----w C:\Program Files\Disney Interactive
      2007-12-04 16:49 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
      2007-12-04 16:45 --------- d-----w C:\Program Files\Atari
      2007-11-30 19:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
      2007-11-29 10:10 --------- d-----w C:\Program Files\LimewirePlus
      2007-11-28 20:05 --------- d-----w C:\Program Files\LimeWire
      2007-11-28 20:01 --------- d-----w C:\Program Files\CCleaner
      2007-11-15 09:59 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2007-11-15 09:59 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2007-11-15 09:59 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2007-11-15 09:59 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2007-11-15 09:59 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2007-11-15 09:59 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2007-11-15 09:59 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2007-11-15 09:59 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2007-11-15 09:59 2,923,520 ----a-w C:\Windows\explorer.exe
      2007-11-15 09:59 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2007-11-15 09:57 8,704 ----a-w C:\Windows\System32\hcrstco.dll
      2007-11-15 09:57 8,704 ----a-w C:\Windows\System32\hccoin.dll
      2007-11-07 17:19 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
      2007-08-30 08:08 174 --sha-w C:\Program Files\desktop.ini
      2007-08-23 16:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      2007-08-23 16:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      2007-08-23 16:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 13:36 1232896]
      "Bash knob"="C:\ProgramData\BurnWaveWave.5r9w1" [2008-01-16 10:46 401424]
      "stupid creative poll axis"="C:\ProgramData\Plan Test Anti.qyy2xk" [2008-01-16 10:47 294928]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-16 12:15 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 14:32 4390912 C:\Windows\RtHDVCpl.exe]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-03-15 14:41 90192]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-03-15 14:41 8429568]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-03-15 14:41 81920]
      "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-16 04:31 77824]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
      "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
      "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
      "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 11:50 17920]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 04:42 1862144]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:06 579072]
      "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
      "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-07 18:19 219136]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
      Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-08-23 16:47:00]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
      avgwlntf.dll 2007-11-07 18:19 9216 C:\Windows\System32\avgwlntf.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bash knob]
      --a------ 2008-01-12 15:59 327696 C:\ProgramData\BurnWaveWave.13qbl7

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
      --a------ 2003-07-07 08:29 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
      --a------ 2003-05-08 10:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stupid creative poll axis]
      C:\ProgramData\BOOB ATOM MAGS.vjy6dhq

      R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
      R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-21 10:06]
      R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2006-08-25 18:55]
      S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
      LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a96ce2f-4ba7-11dc-9665-806e6f6e6963}]
      \shell\AutoRun\command - E:\BBCAuto.exe

      *Newly Created Service* - PROCEXP90
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-16 15:54:27 C:\Windows\Tasks\User_Feed_Synchronization-{3748B0CB-9112-4DB9-AC5E-4A872024DCAC}.job"
      - C:\Windows\system32\msfeedssync.exe
      .


      • #4
        Download the attachment: CFScript.txt

        Drag CFScript.txt into ComboFix.exe as shown in the example below:

        This will make ComboFix restart.
        Reboot if asked to,
        and post the contents of Combofix.txt in your next reply.

        Also post a new HijackThis log and tell us whether you are still experiencing problems.

        • #5
          ComboFix 08-01-16.4 - Corien 2008-01-16 19:11:01.2 - NTFSx86
          Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.290 [GMT 1:00]
          Gestart vanuit: C:\Users\Corien\Desktop\ComboFix.exe
          Command switches used :: C:\Users\Corien\Desktop\cfscript.txt
          * Nieuw herstelpunt werd aangemaakt



          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 19:20, on 2008-01-16
          Platform: Windows Vista (WinNT 6.00.1904)
          MSIE: Internet Explorer v7.00 (7.00.6000.16575)
          Boot mode: Normal

          Running processes:
          C:\Windows\system32\Dwm.exe
          C:\Windows\Explorer.EXE
          C:\Windows\system32\taskeng.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Windows\RtHDVCpl.exe
          C:\Program Files\Java\jre1.6.0\bin\jusched.exe
          C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
          C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
          C:\Windows\System32\rundll32.exe
          C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          C:\Program Files\Grisoft\AVG7\avgcc.exe
          C:\Program Files\SPAMfighter\SFAgent.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
          C:\Program Files\DellSupport\DSAgnt.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          C:\Program Files\RALINK\Common\RaUI.exe
          C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          C:\Program Files\WinRAR\WinRAR.exe
          C:\Windows\System32\mobsync.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
          C:\HJT\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=4070816
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O1 - Hosts: ::1 localhost
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
          O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
          O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
          O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
          O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
          O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
          O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
          O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
          O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
          O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
          O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
          O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
          O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
          O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
          O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
          O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
          O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
          O13 - Gopher Prefix:
          O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
          O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
          O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
          O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
          O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

          --
          End of file - 7569 bytes


          At first glance, no unsolicited pages are being displayed.
          However, something new has suddenly appeared on the desktop:

          A RAR file named "catch me" containing 16 Curb.exe and 16 Curb.exe1


          • #6
            Go ahead and delete that file on your desktop.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: There must be a space between Combofix and /U.

            This will uninstall Combofix.

            Download Combofix again and try to make a new log with it.
            Post that in your next message.


            • #7
              ComboFix 08-01-16.4 - Corien 2008-01-16 19:31:49.3 - NTFSx86
              Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.344 [GMT 1:00]
              Gestart vanuit: C:\Users\Corien\Desktop\ComboFix.exe
              .

              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))
              .

              2008-01-16 19:31 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
              2008-01-16 19:02 . 2008-01-16 19:02 <DIR> d-------- C:\Program Files\SC
              2008-01-14 21:28 . 2008-01-16 11:38 <DIR> d-------- C:\Downloads
              2008-01-14 21:24 . 2008-01-14 21:24 <DIR> d-------- C:\Program Files\BitComet
              2008-01-14 20:53 . 2008-01-16 19:20 <DIR> d-------- C:\HJT
              2008-01-14 19:54 . 2008-01-14 21:03 <DIR> d-a------ C:\Users\All Users\TEMP
              2008-01-14 19:54 . 2008-01-14 21:03 <DIR> d-a------ C:\ProgramData\TEMP
              2008-01-14 11:34 . 2008-01-16 19:17 <DIR> d-------- C:\Program Files\SPAMfighter
              2008-01-14 11:34 . 2008-01-14 11:34 <DIR> d-------- C:\Program Files\Common Files\Application
              2008-01-14 11:34 . 2008-01-14 11:34 <DIR> d-------- C:\Program Files\Common Files\Ankiro
              2008-01-11 13:44 . 2008-01-12 16:40 <DIR> d-------- C:\ds spellen
              2008-01-10 13:38 . 2008-01-10 13:38 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
              2008-01-10 13:38 . 2008-01-10 13:38 216,760 --a------ C:\Windows\System32\drivers\netio.sys
              2008-01-10 13:38 . 2008-01-10 13:38 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
              2008-01-10 13:38 . 2008-01-10 13:38 24,064 --a------ C:\Windows\System32\netcfg.exe
              2008-01-10 13:38 . 2008-01-10 13:38 22,016 --a------ C:\Windows\System32\netiougc.exe
              2008-01-10 13:37 . 2008-01-10 13:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
              2008-01-10 13:37 . 2008-01-10 13:37 1,686,016 --a------ C:\Windows\System32\gameux.dll
              2008-01-10 13:37 . 2008-01-10 13:37 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
              2008-01-10 13:37 . 2008-01-10 13:37 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
              2008-01-10 13:37 . 2008-01-10 13:37 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
              2008-01-10 13:37 . 2008-01-10 13:37 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
              2008-01-10 13:37 . 2008-01-10 13:37 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
              2008-01-10 13:37 . 2008-01-10 13:37 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
              2008-01-10 13:37 . 2008-01-10 13:37 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
              2008-01-10 13:36 . 2008-01-10 13:36 11,776 --a------ C:\Windows\System32\sbunattend.exe
              2008-01-06 21:13 . 2008-01-06 21:13 <DIR> d-------- C:\My Downloads
              2008-01-06 21:13 . 2006-11-12 11:39 483,328 --a------ C:\Windows\System32\actskn45.ocx
              2007-12-27 19:48 . 2007-12-27 19:48 <DIR> d-------- C:\Users\All Users\CyberLink
              2007-12-27 19:48 . 2007-12-27 19:48 <DIR> d-------- C:\ProgramData\CyberLink
              2007-12-27 19:48 . 2008-01-16 19:15 <DIR> d-------- C:\MDT
              2007-12-27 14:56 . 2007-12-27 14:56 108,144 --a------ C:\Windows\System32\CmdLineExt.dll
              2007-12-27 14:51 . 2007-12-27 14:51 <DIR> d-------- C:\Program Files\Electronic Arts

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-14 19:47 --------- d-----w C:\ProgramData\Grisoft
              2008-01-13 13:20 --------- d-----w C:\ProgramData\Roxio
              2008-01-10 12:44 --------- d-----w C:\Program Files\Windows Sidebar
              2008-01-10 12:44 --------- d-----w C:\Program Files\Windows Mail
              2008-01-10 12:37 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
              2008-01-10 12:37 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
              2008-01-10 12:37 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
              2008-01-10 12:37 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
              2007-12-21 09:06 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
              2007-12-12 18:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
              2007-12-12 18:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
              2007-12-12 18:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
              2007-12-12 18:17 824,832 ----a-w C:\Windows\System32\wininet.dll
              2007-12-12 18:17 56,320 ----a-w C:\Windows\System32\iesetup.dll
              2007-12-12 18:17 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
              2007-12-12 18:17 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
              2007-12-12 18:16 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
              2007-12-12 18:16 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
              2007-12-12 18:16 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
              2007-12-12 18:16 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
              2007-12-12 18:15 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
              2007-12-12 18:15 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
              2007-12-12 17:59 --------- d-----w C:\Program Files\Disney's Sneeuwwitje in Het Toverboekspel
              2007-12-12 17:56 --------- d-----w C:\Program Files\Disney's Keizer Kuzco
              2007-12-09 16:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-12-09 16:51 --------- d-----w C:\Program Files\Disney Interactive
              2007-12-04 16:49 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
              2007-12-04 16:45 --------- d-----w C:\Program Files\Atari
              2007-11-30 19:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
              2007-11-29 10:10 --------- d-----w C:\Program Files\LimewirePlus
              2007-11-28 20:05 --------- d-----w C:\Program Files\LimeWire
              2007-11-28 20:01 --------- d-----w C:\Program Files\CCleaner
              2007-11-15 09:59 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
              2007-11-15 09:59 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
              2007-11-15 09:59 542,720 ----a-w C:\Windows\System32\sysmain.dll
              2007-11-15 09:59 502,784 ----a-w C:\Windows\System32\wlansvc.dll
              2007-11-15 09:59 47,104 ----a-w C:\Windows\System32\wlanapi.dll
              2007-11-15 09:59 297,984 ----a-w C:\Windows\System32\wlansec.dll
              2007-11-15 09:59 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
              2007-11-15 09:59 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
              2007-11-15 09:59 2,923,520 ----a-w C:\Windows\explorer.exe
              2007-11-15 09:59 2,027,008 ----a-w C:\Windows\System32\win32k.sys
              2007-11-15 09:57 8,704 ----a-w C:\Windows\System32\hcrstco.dll
              2007-11-15 09:57 8,704 ----a-w C:\Windows\System32\hccoin.dll
              2007-11-07 17:19 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
              2007-08-30 08:08 174 --sha-w C:\Program Files\desktop.ini
              2007-08-23 16:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              2007-08-23 16:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              2007-08-23 16:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
              "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 13:36 1232896]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-16 12:15 1006264]
              "RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 14:32 4390912 C:\Windows\RtHDVCpl.exe]
              "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-03-15 14:41 90192]
              "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-03-15 14:41 8429568]
              "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-03-15 14:41 81920]
              "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-16 04:31 77824]
              "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
              "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
              "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
              "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 11:50 17920]
              "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 04:42 1862144]
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:06 579072]
              "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
              "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-07 18:19 219136]

              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
              Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
              Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-08-23 16:47:00]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
              avgwlntf.dll 2007-11-07 18:19 9216 C:\Windows\System32\avgwlntf.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
              --a------ 2003-07-07 08:29 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
              --a------ 2003-05-08 10:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

              R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
              R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-21 10:06]
              R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2006-08-25 18:55]
              S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
              LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
              LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a96ce2f-4ba7-11dc-9665-806e6f6e6963}]
              \shell\AutoRun\command - E:\BBCAuto.exe

              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-01-16 18:15:47 C:\Windows\Tasks\At1.job"
              - C:\Windows\system32\cmd.exe
              "2008-01-16 15:54:27 C:\Windows\Tasks\User_Feed_Synchronization-{3748B0CB-9112-4DB9-AC5E-4A872024DCAC}.job"
              - C:\Windows\system32\msfeedssync.exe
              .



              • #8
                It looks good

                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, check Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and check Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this unchecks "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and check Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then click OK.
                Note: there must be a space between Combofix and /U.

                This will uninstall Combofix.

                Then I think we are done



                • #9
                  Hey, great, thanks a lot for the help



                  • #10
                    You're welcome
