Mededeling

Collapse
No announcement yet.

Veel virusen? Pc supertraag!

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Veel virusen? Pc supertraag!

    hoi, dze pc van een vriend van me duurt ongeveer 13 min met opstarten en als je dan een programma wilt openen duurt dat nog 10 min...dus volgens mij zit er een virus op maar in iedergeval kunnen jullie helpen

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:08:04, on 22/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    F3 - REG:win.ini: load=??????????
    F3 - REG:win.ini: run=??????????
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: qedixdry - {538B7879-848E-1177-B84A-7E9FF5AC3D75} - C:\WINDOWS\System32\qedixdry.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Body Fork Free - {A65BA30C-96A0-40B6-13B3-357E68C70529} - C:\PROGRA~1\FunkTons\Settings dash.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
    O3 - Toolbar: bolt active meta - {08AA8153-7692-00F1-8067-267EE8C7881A} - C:\PROGRA~1\FunkTons\Settings dash.dll (file missing)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://www.advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://webwork.rochdale.nl/vdesk/terminal/InstallerControl.cab#version=6020,2007,1213,2012
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://webwork.rochdale.nl/vdesk/terminal/f5InspectionHost.cab#version=6020,2007,1213,2006
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095262570347
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://webwork.rochdale.nl/vdesk/terminal/urTermProxy.cab#version=6020,2007,1213,2004
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190817383042
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.5/Installer.exe
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://webwork.rochdale.nl/vdesk/terminal/urxshost.cab#version=6020,2007,1213,2008
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=5500,0,50830,1
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://webwork.rochdale.nl/vdesk/terminal/urxhost.cab#version=6020,2007,1213,2007
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2007,1001,2143
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: pavwait.dll tÛº
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 1: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplugin.com/active/?17275966

    --
    End of file - 15055 bytes

  • #2
    Ik zie twee anti virusscanners, NOD32 en Symantec. Verwijder één van de twee via configuratiescherm --> software.

    Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    F3 - REG:win.ini: load=??????????
    F3 - REG:win.ini: run=??????????
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: qedixdry - {538B7879-848E-1177-B84A-7E9FF5AC3D75} - C:\WINDOWS\System32\qedixdry.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Body Fork Free - {A65BA30C-96A0-40B6-13B3-357E68C70529} - C:\PROGRA~1\FunkTons\Settings dash.dll (file missing)
    O3 - Toolbar: bolt active meta - {08AA8153-7692-00F1-8067-267EE8C7881A} - C:\PROGRA~1\FunkTons\Settings dash.dll (file missing)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://www.advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab

    Sluit nu alle openstaande vensters, behalve Hijackthis en klik op Fix Checked.

    Herstart je PC en post een Hijackthis logje ter controle.
    Groet,
    Pimmerd

    Comment


    • #3
      Oorspronkelijk geplaatst door Pimmerd Bekijk Berichten
      Ik zie twee anti virusscanners, NOD32 en Symantec. Verwijder één van de twee via configuratiescherm --> software.

      Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
      R3 - URLSearchHook: (no name) - - (no file)
      R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
      F3 - REG:win.ini: load=??????????
      F3 - REG:win.ini: run=??????????
      F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
      O2 - BHO: qedixdry - {538B7879-848E-1177-B84A-7E9FF5AC3D75} - C:\WINDOWS\System32\qedixdry.dll (file missing)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Body Fork Free - {A65BA30C-96A0-40B6-13B3-357E68C70529} - C:\PROGRA~1\FunkTons\Settings dash.dll (file missing)
      O3 - Toolbar: bolt active meta - {08AA8153-7692-00F1-8067-267EE8C7881A} - C:\PROGRA~1\FunkTons\Settings dash.dll (file missing)
      O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
      O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://www.advnt01.com/dialer/olanda_ver3.CAB
      O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab

      Sluit nu alle openstaande vensters, behalve Hijackthis en klik op Fix Checked.

      Herstart je PC en post een Hijackthis logje ter controle.
      Ik zal dit morgen doen, dan ga ik wel weer bij hem langs.. iniedergeval bedankt voor je reactie

      Comment


      • #4
        Prima dan hoor ik het morgen wel
        Groet,
        Pimmerd

        Comment


        • #5
          Hoi pimmerd er zit verbetering maar de pc is nog steeds wel traag:S

          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\System32\GEARSec.exe
          C:\Program Files\Norton Ghost\Agent\VProSvc.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          C:\WINDOWS\System32\snmp.exe
          C:\Program Files\SPAMfighter\sfus.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Norton Ghost\Agent\GhostTray.exe
          C:\Program Files\Logitech\Video\LogiTray.exe
          C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
          C:\Program Files\SPAMfighter\SFAgent.exe
          C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          C:\WINDOWS\system32\LVComS.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
          C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
          C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
          O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
          O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
          O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
          O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
          O4 - Global Startup: hp psc 1000 series.lnk = ?
          O4 - Global Startup: hpoddt01.exe.lnk = ?
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
          O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
          O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://webwork.rochdale.nl/vdesk/terminal/InstallerControl.cab#version=6020,2007,1213,2012
          O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://webwork.rochdale.nl/vdesk/terminal/f5InspectionHost.cab#version=6020,2007,1213,2006
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095262570347
          O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
          O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://webwork.rochdale.nl/vdesk/terminal/urTermProxy.cab#version=6020,2007,1213,2004
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190817383042
          O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.5/Installer.exe
          O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://webwork.rochdale.nl/vdesk/terminal/urxshost.cab#version=6020,2007,1213,2008
          O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
          O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
          O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=5500,0,50830,1
          O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://webwork.rochdale.nl/vdesk/terminal/urxhost.cab#version=6020,2007,1213,2007
          O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2007,1001,2143
          O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          O20 - AppInit_DLLs: pavwait.dll tÛº
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
          O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
          O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O24 - Desktop Component 1: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplugin.com/active/?17275966

          --
          End of file - 13119 bytes

          Comment


          • #6
            Oorspronkelijk geplaatst door Toine123 Bekijk Berichten
            Hoi pimmerd er zit verbetering maar de pc is nog steeds wel traag:S

            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\System32\GEARSec.exe
            C:\Program Files\Norton Ghost\Agent\VProSvc.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            C:\WINDOWS\System32\snmp.exe
            C:\Program Files\SPAMfighter\sfus.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
            C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            C:\WINDOWS\SOUNDMAN.EXE
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\Program Files\Norton Ghost\Agent\GhostTray.exe
            C:\Program Files\Logitech\Video\LogiTray.exe
            C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
            C:\Program Files\SPAMfighter\SFAgent.exe
            C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
            C:\WINDOWS\system32\LVComS.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
            C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
            C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
            C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
            C:\Program Files\Logitech\SetPoint\SetPoint.exe
            C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
            C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
            C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
            C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
            C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files\MSN Messenger\msnmsgr.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
            O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
            O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
            O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
            O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
            O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
            O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
            O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
            O4 - Global Startup: hp psc 1000 series.lnk = ?
            O4 - Global Startup: hpoddt01.exe.lnk = ?
            O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
            O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
            O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
            O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
            O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://webwork.rochdale.nl/vdesk/terminal/InstallerControl.cab#version=6020,2007,1213,2012
            O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://webwork.rochdale.nl/vdesk/terminal/f5InspectionHost.cab#version=6020,2007,1213,2006
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095262570347
            O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
            O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://webwork.rochdale.nl/vdesk/terminal/urTermProxy.cab#version=6020,2007,1213,2004
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190817383042
            O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.5/Installer.exe
            O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://webwork.rochdale.nl/vdesk/terminal/urxshost.cab#version=6020,2007,1213,2008
            O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
            O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
            O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=5500,0,50830,1
            O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://webwork.rochdale.nl/vdesk/terminal/urxhost.cab#version=6020,2007,1213,2007
            O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2007,1001,2143
            O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
            O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
            O20 - AppInit_DLLs: pavwait.dll tÛº
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
            O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
            O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
            O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
            O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
            O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            O24 - Desktop Component 1: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplugin.com/active/?17275966

            --
            End of file - 13119 bytes
            Waarvoor staan eigelijk al die sites in het logje? van faforieten of zo?

            Comment


            • #7
              Dat zijn ActiveX objecten

              Download Combofix naar je bureaublad

              Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

              OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

              Dubbelklik op combofix.exe
              Kies voor "Continue" door 1 te typen gevolgd door ENTER.
              Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

              Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
              Plaats in je volgende antwoord het logje van combofix (combofix.txt) tesamen met een vers Hijackthis log.
              Groet,
              Pimmerd

              Comment


              • #8
                ik heb het overgelaten aan mijn vriend maar die doet het waarschijnlijk niet zijn eigen keus:S maja dom want heeft virussen op z'n pc.:S

                Comment


                • #9
                  Tja inderdaad...
                  Kan ik deze sluiten of moet ik hem open laten?
                  Groet,
                  Pimmerd

                  Comment


                  • #10
                    laat hem nog mar open, ik zal het nog ff tgen hem zegen.. maar tegen mij zij hij ok dat combofix geen log gef en niet was terug te vinden onder C:/combofix.txt

                    Comment


                    • #11
                      Deinstalleer Combofix:
                      Ga naar start --> uitvoeren en typ daar: combofix /u
                      Combofix wordt nu verwijderd en er wordt een nieuw herstelpunt aangemaakt.

                      Download Combofix opnieuw en maak daarmee een logje.
                      Mocht dat niet lukken, plaats een nieuw Hijackthis logje.
                      Groet,
                      Pimmerd

                      Comment


                      • #12
                        hoi, combofix werkte niet, kwam niet met een log en stond ook niet c:/combofix.txt hier hjt log.

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 15:45, on 2008-02-05
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\System32\GEARSec.exe
                        C:\Program Files\Norton Ghost\Agent\VProSvc.exe
                        C:\WINDOWS\System32\nvsvc32.exe
                        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                        C:\WINDOWS\System32\snmp.exe
                        C:\Program Files\SPAMfighter\sfus.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                        C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
                        C:\WINDOWS\SOUNDMAN.EXE
                        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                        C:\Program Files\Norton Ghost\Agent\GhostTray.exe
                        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                        C:\Program Files\SPAMfighter\SFAgent.exe
                        C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
                        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
                        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
                        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                        C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
                        C:\Program Files\Logitech\SetPoint\SetPoint.exe
                        C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
                        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
                        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
                        C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
                        C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
                        C:\WINDOWS\system32\msiexec.exe
                        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                        R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
                        O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
                        O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
                        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                        O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
                        O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                        O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
                        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
                        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
                        O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
                        O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                        O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                        O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                        O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
                        O4 - HKLM\..\Run: [SpeedOptimizer] "C:\Program Files\SpeedOptimizer\SPO.exe"
                        O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                        O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                        O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                        O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
                        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
                        O4 - Global Startup: hp psc 1000 series.lnk = ?
                        O4 - Global Startup: hpoddt01.exe.lnk = ?
                        O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                        O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
                        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                        O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                        O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
                        O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
                        O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://webwork.rochdale.nl/vdesk/terminal/InstallerControl.cab#version=6020,2008,0122,2009
                        O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://webwork.rochdale.nl/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0122,2004
                        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095262570347
                        O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
                        O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://webwork.rochdale.nl/vdesk/terminal/urTermProxy.cab#version=6020,2008,0122,2001
                        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190817383042
                        O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.5/Installer.exe
                        O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://webwork.rochdale.nl/vdesk/terminal/urxshost.cab#version=6020,2008,0122,2005
                        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                        O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
                        O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
                        O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=5500,0,50830,1
                        O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://webwork.rochdale.nl/vdesk/terminal/urxhost.cab#version=6020,2008,0122,2004
                        O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0122,2007
                        O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
                        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                        O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                        O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                        O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
                        O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
                        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                        O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                        O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
                        O24 - Desktop Component 1: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplugin.com/active/?17275966

                        --
                        End of file - 14031 bytes

                        Comment


                        • #13
                          nog 2x geprobeerd 2x deed ie het wel

                          ComboFix 08-02.05.3 - Hoogland 2008-02-05 16:40:43.4 - NTFSx86
                          Gestart vanuit: C:\Documents and Settings\Hoogland\Bureaublad\ComboFix.exe

                          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                          .

                          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))
                          .

                          2008-02-05 15:08 . 2008-02-05 15:34 <DIR> dr-h----- C:\Documents and Settings\Hoogland\Onlangs geopend
                          2008-02-03 21:29 . 2008-02-03 21:29 <DIR> d-------- C:\Program Files\Belastingdienst
                          2008-02-02 14:26 . 2008-02-02 14:26 <DIR> d-------- C:\Program Files\SpeedOptimizer
                          2008-02-02 14:26 . 2008-02-02 14:26 <DIR> d-------- C:\Program Files\AskPBar
                          2008-02-02 14:15 . 2008-02-05 15:26 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
                          2008-02-02 14:11 . 2008-02-02 14:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                          2008-02-02 14:10 . 2008-02-02 14:10 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
                          2008-01-30 12:43 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
                          2008-01-30 12:43 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
                          2008-01-30 12:43 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
                          2008-01-24 16:45 . 2008-01-24 16:45 272 --a------ C:\WINDOWS\_delis32.ini
                          2008-01-24 16:32 . 2008-01-24 16:33 <DIR> d-------- C:\Program Files\CCleaner
                          2008-01-22 14:04 . 2008-01-22 14:04 <DIR> d-------- C:\Program Files\Trend Micro
                          2008-01-21 18:39 . 2008-01-21 18:43 <DIR> d-------- C:\WINDOWS\system32\nl-nl
                          2008-01-21 17:39 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
                          2008-01-21 17:39 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
                          2008-01-21 17:39 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
                          2008-01-21 17:39 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
                          2008-01-21 17:39 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
                          2008-01-21 17:39 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
                          2008-01-21 17:39 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
                          2008-01-21 17:39 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                          2008-01-21 17:39 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
                          2008-01-20 19:52 . 2008-01-22 13:35 <DIR> d-------- C:\Program Files\Norton 360
                          2008-01-20 19:05 . 2008-01-20 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
                          2008-01-18 17:57 . 2008-01-18 17:57 <DIR> d--hs---- C:\found.001
                          2008-01-05 11:29 . 2008-01-11 13:04 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory

                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2008-02-05 14:43 --------- d-----w C:\Program Files\Java
                          2008-02-05 14:26 --------- d-----w C:\Program Files\SPAMfighter
                          2008-02-05 13:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                          2008-02-02 14:14 --------- d-----w C:\Program Files\PokerStars
                          2008-02-02 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                          2008-01-24 15:52 --------- d-----w C:\Program Files\Zylom Games
                          2008-01-24 15:51 --------- d-----w C:\Program Files\Yahoo!
                          2008-01-24 15:50 --------- d-----w C:\Program Files\MSN Games
                          2008-01-24 15:48 --------- d-----w C:\Documents and Settings\Hoogland\Application Data\PPStream
                          2008-01-24 15:47 --------- d-----w C:\Program Files\Common Files\Logitech
                          2008-01-24 15:44 --------- d-----w C:\Program Files\Logitech
                          2008-01-24 15:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
                          2008-01-24 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                          2008-01-22 18:49 --------- d-----w C:\Program Files\Van Groot Gewicht
                          2008-01-22 12:35 --------- d-----w C:\Program Files\Google
                          2008-01-20 21:34 --------- d-----w C:\Documents and Settings\Hoogland\Application Data\Symantec
                          2008-01-20 20:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
                          2008-01-20 20:25 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
                          2008-01-20 20:25 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
                          2008-01-20 20:25 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
                          2008-01-20 20:25 --------- d-----w C:\Program Files\Symantec
                          2008-01-17 17:27 --------- d-----w C:\Documents and Settings\Hoogland\Application Data\Screenshot Sender
                          2008-01-11 14:57 --------- d-----w C:\Program Files\Postbank Blue World Sjoelspel
                          2007-12-30 12:31 --------- d-----w C:\Program Files\Teletekstbrowser
                          2007-12-18 16:59 --------- d-----w C:\Program Files\Wolters
                          2007-12-08 20:28 --------- d-----w C:\Documents and Settings\Hoogland\Application Data\vlc
                          2007-12-08 19:03 --------- d-----w C:\Program Files\VideoLAN
                          2007-12-08 18:42 --------- d-----w C:\Documents and Settings\Hoogland\Application Data\SopCast
                          2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
                          2007-05-21 16:35 21,224 ----a-w C:\Documents and Settings\Hoogland\Application Data\GDIPFONTCACHEV1.DAT
                          2005-12-19 15:06 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
                          2005-09-09 18:56 7,480,856 -c--a-w C:\Program Files\NGhost10.msi
                          2005-09-09 18:56 4,588,970 -c--a-w C:\Program Files\setup.exe
                          2005-09-09 18:56 37,926,517 -c--a-w C:\Program Files\Data1.cab
                          2005-09-09 18:56 35 -c--a-w C:\Program Files\SCSSDist.ini
                          2003-08-21 20:13 0 -c-ha-w C:\Documents and Settings\Hoogland\hpothb07.dat
                          2003-08-21 20:11 189 ---ha-w C:\Documents and Settings\Hoogland\Application Data\hpothb07.dat
                          2004-08-27 21:08 32 -csha-w C:\WINDOWS\{A54D049B-1797-4D9C-9A4E-A6BCFE496816}.dat
                          2004-08-27 21:08 32 -csha-w C:\WINDOWS\system32\{84FD2F6C-ED59-418E-8EC8-6E7FFACAFEF1}.dat
                          .

                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          REGEDIT4
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
                          "{08AA8153-7692-00F1-8067-267EE8C7881A}"= C:\PROGRA~1\FunkTons\Settings dash.dll [ ]

                          [HKEY_CLASSES_ROOT\clsid\{08aa8153-7692-00f1-8067-267ee8c7881a}]
                          [HKEY_CLASSES_ROOT\chin.JunkSoap.1]
                          [HKEY_CLASSES_ROOT\chin.JunkSoap]

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\qe dixdry]
                          @={E1478AD9-B0E2-5F80-4F9D-96E0520F1D57}

                          [HKEY_CLASSES_ROOT\CLSID\{E1478AD9-B0E2-5F80-4F9D-96E0520F1D57}]
                          C:\WINDOWS\System32\qedixdry.dll

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-26 20:02 67128]
                          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-26 20:23 68856]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 11:50 155648]
                          "nwiz"="nwiz.exe" [2005-02-24 06:32 1495040 C:\WINDOWS\system32\nwiz.exe]
                          "SoundMan"="SOUNDMAN.EXE" [2002-08-02 12:00 46592 C:\WINDOWS\SOUNDMAN.EXE]
                          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
                          "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-02-24 06:32 5537792]
                          "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-02-24 06:32 86016]
                          "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 19:09 1537648]
                          "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 28160 C:\WINDOWS\KHALMNPR.Exe]
                          "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
                          "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
                          "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
                          "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-11-01 17:15 308880]
                          "SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-02-02 14:15 2283120]
                          "SpeedOptimizer"="C:\Program Files\SpeedOptimizer\SPO.exe" [2008-02-02 14:26 853488]
                          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
                          "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-26 11:47 492912]
                          "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]

                          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                          Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
                          Enable Wireless Keyboard Driver.lnk - C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe [2003-06-14 15:13:50 188416]
                          HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
                          hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 20:08:34 147456]
                          hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 19:56:10 40960]
                          Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-26 20:02:23 67128]
                          Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-09-13 14:08:34 450560]
                          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]


                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2]
                          C:\Program Files\Messenger Plus! 2\MsgPlus.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                          "MDM"=2 (0x2)

                          R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 14:07]
                          R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-02-02 14:15]
                          R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-11-01 17:15]
                          R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start
                          R3 NtApm;NT Apm/Legacy-interfacestuurprogramma;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2002-09-11 13:00]
                          S2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2003-02-05 11:03]
                          S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-02-05 11:03]
                          S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e133e20-a282-11dc-b5d1-0002446f315b}]
                          \Shell\AutoRun\command - F:\ClickMe.exe

                          *Newly Created Service* - COMHOST
                          .
                          **************************************************************************

                          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2008-02-05 16:48:16
                          Windows 5.1.2600 Service Pack 2 NTFS

                          scannen van verborgen processen ...

                          scannen van verborgen autostart items ...

                          scannen van verborgen bestanden ...

                          Scan succesvol afgerond
                          verborgen bestanden: 0

                          **************************************************************************
                          .
                          Voltooingstijd: 2008-02-05 16:51:25
                          .
                          2008-01-22 14:56:24 --- E O F ---

                          Comment


                          • #14
                            Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:

                            File::
                            C:\WINDOWS\_delis32.ini

                            Folder::
                            C:\found.001
                            C:\Program Files\FunkTons

                            Registry::
                            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
                            "{08AA8153-7692-00F1-8067-267EE8C7881A}"=-
                            [-HKEY_CLASSES_ROOT\clsid\{08aa8153-7692-00f1-8067-267ee8c7881a}]
                            [-HKEY_CLASSES_ROOT\chin.JunkSoap.1]
                            [-HKEY_CLASSES_ROOT\chin.JunkSoap]
                            [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\qe dixdry]
                            [-HKEY_CLASSES_ROOT\CLSID\{E1478AD9-B0E2-5F80-4F9D-96E0520F1D57}]
                            [-HKEY_CLASSES_ROOT\CLSID\{E1478AD9-B0E2-5F80-4F9D-96E0520F1D57}]


                            Sla dit op op je Bureaublad als CFScript.txt

                            Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



                            Dit zal ComboFix doen herstarten.
                            Start opnieuw op als daarom gevraagd wordt,
                            en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.
                            Groet,
                            Pimmerd

                            Comment


                            • #15
                              Excuses voor de late reactie, had het druk

                              Combofix log

                              Combofix log

                              ComboFix 08-02-14.2 - Hoogland 2008-02-14 15:23:36.5 - NTFSx86
                              Gestart vanuit: C:\Documents and Settings\Hoogland\Bureaublad\ComboFix.exe
                              Command switches used :: C:\Documents and Settings\Hoogland\Bureaublad\CFScript.txt
                              * Nieuw herstelpunt werd aangemaakt

                              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                              FILE
                              C:\WINDOWS\_delis32.ini
                              .

                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              C:\found.001
                              C:\found.001\file0000.chk
                              C:\WINDOWS\_delis32.ini

                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))
                              .

                              2008-02-13 22:33 . 2008-02-13 22:35 1,374 --a------ C:\WINDOWS\imsins.BAK
                              2008-02-09 21:30 . 2008-02-09 21:31 <DIR> d-------- C:\Program Files\TVAnts
                              2008-02-08 18:27 . 2008-02-08 18:27 <DIR> d-------- C:\Program Files\Cheat Engine
                              2008-02-08 18:27 . 2005-09-04 00:48 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
                              2008-02-08 18:27 . 2005-09-04 00:48 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
                              2008-02-05 15:10 . 2004-08-04 09:03 399,360 --a------ C:\kmd.exe
                              2008-02-05 15:08 . 2008-02-14 15:21 <DIR> dr-h----- C:\Documents and Settings\Hoogland\Onlangs geopend
                              2008-02-03 21:29 . 2008-02-03 21:29 <DIR> d-------- C:\Program Files\Belastingdienst
                              2008-02-02 14:26 . 2008-02-02 14:26 <DIR> d-------- C:\Program Files\AskPBar
                              2008-02-02 14:11 . 2008-02-02 14:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                              2008-02-02 14:10 . 2008-02-02 14:10 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
                              2008-01-30 12:43 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
                              2008-01-30 12:43 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
                              2008-01-30 12:43 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
                              2008-01-24 16:32 . 2008-01-24 16:33 <DIR> d-------- C:\Program Files\CCleaner
                              2008-01-22 14:04 . 2008-01-22 14:04 <DIR> d-------- C:\Program Files\Trend Micro
                              2008-01-21 18:39 . 2008-01-21 18:43 <DIR> d-------- C:\WINDOWS\system32\nl-nl
                              2008-01-21 17:39 . 2007-12-07 03:18 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
                              2008-01-21 17:39 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
                              2008-01-21 17:39 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
                              2008-01-21 17:39 . 2007-12-07 03:18 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
                              2008-01-21 17:39 . 2007-12-07 03:18 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
                              2008-01-21 17:39 . 2007-12-07 03:18 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
                              2008-01-21 17:39 . 2007-12-07 03:18 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
                              2008-01-21 17:39 . 2007-12-07 03:18 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                              2008-01-21 17:39 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
                              2008-01-20 19:52 . 2008-01-22 13:35 <DIR> d-------- C:\Program Files\Norton 360
                              2008-01-20 19:05 . 2008-01-20 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2008-02-14 14:01 --------- d-----w C:\Program Files\SPAMfighter
                              2008-02-13 22:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                              2008-02-05 14:43 --------- d-----w C:\Program Files\Java
                              2008-02-02 14:14 --------- d-----w C:\Program Files\PokerStars
                              2008-02-02 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                              2008-01-24 15:52 --------- d-----w C:\Program Files\Zylom Games
                              2008-01-24 15:51 --------- d-----w C:\Program Files\Yahoo!
                              2008-01-24 15:50 --------- d-----w C:\Program Files\MSN Games
                              2008-01-24 15:48 --------- d-----w C:\Documents and Settings\Hoogland\Application Data\PPStream
                              2008-01-24 15:47 --------- d-----w C:\Program Files\Common Files\Logitech
                              2008-01-24 15:44 --------- d-----w C:\Program Files\Logitech
                              2008-01-24 15:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
                              2008-01-24 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                              2008-01-22 18:49 --------- d-----w C:\Program Files\Van Groot Gewicht
                              2008-01-22 12:35 --------- d-----w C:\Program Files\Google
                              2008-01-20 21:34 --------- d-----w C:\Documents and Settings\Hoogland\Application Data\Symantec
                              2008-01-20 20:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
                              2008-01-20 20:25 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
                              2008-01-20 20:25 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
                              2008-01-20 20:25 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
                              2008-01-20 20:25 --------- d-----w C:\Program Files\Symantec
                              2008-01-17 17:27 --------- d-----w C:\Documents and Settings\Hoogland\Application Data\Screenshot Sender
                              2008-01-11 14:57 --------- d-----w C:\Program Files\Postbank Blue World Sjoelspel
                              2008-01-11 12:04 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
                              2007-12-30 12:31 --------- d-----w C:\Program Files\Teletekstbrowser
                              2007-12-18 16:59 --------- d-----w C:\Program Files\Wolters
                              2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
                              2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
                              2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
                              2007-05-21 16:35 21,224 ----a-w C:\Documents and Settings\Hoogland\Application Data\GDIPFONTCACHEV1.DAT
                              2005-12-19 15:06 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
                              2005-09-09 18:56 7,480,856 -c--a-w C:\Program Files\NGhost10.msi
                              2005-09-09 18:56 4,588,970 -c--a-w C:\Program Files\setup.exe
                              2005-09-09 18:56 37,926,517 -c--a-w C:\Program Files\Data1.cab
                              2005-09-09 18:56 35 -c--a-w C:\Program Files\SCSSDist.ini
                              2003-08-21 20:13 0 -c-ha-w C:\Documents and Settings\Hoogland\hpothb07.dat
                              2003-08-21 20:11 189 ---ha-w C:\Documents and Settings\Hoogland\Application Data\hpothb07.dat
                              2004-08-27 21:08 32 -csha-w C:\WINDOWS\{A54D049B-1797-4D9C-9A4E-A6BCFE496816}.dat
                              2004-08-27 21:08 32 -csha-w C:\WINDOWS\system32\{84FD2F6C-ED59-418E-8EC8-6E7FFACAFEF1}.dat
                              .

                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              REGEDIT4
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-26 20:02 67128]
                              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-26 20:23 68856]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 11:50 155648]
                              "nwiz"="nwiz.exe" [2005-02-24 06:32 1495040 C:\WINDOWS\system32\nwiz.exe]
                              "SoundMan"="SOUNDMAN.EXE" [2002-08-02 12:00 46592 C:\WINDOWS\SOUNDMAN.EXE]
                              "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
                              "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-02-24 06:32 5537792]
                              "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-02-24 06:32 86016]
                              "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 19:09 1537648]
                              "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 28160 C:\WINDOWS\KHALMNPR.Exe]
                              "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
                              "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
                              "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
                              "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-11-01 17:15 308880]
                              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
                              "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-26 11:47 492912]
                              "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]

                              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                              Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
                              Enable Wireless Keyboard Driver.lnk - C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe [2003-06-14 15:13:50 188416]
                              HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
                              hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 20:08:34 147456]
                              hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 19:56:10 40960]
                              Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-26 20:02:23 67128]
                              Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-09-13 14:08:34 450560]
                              Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]


                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2]
                              C:\Program Files\Messenger Plus! 2\MsgPlus.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                              "MDM"=2 (0x2)

                              R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 14:07]
                              R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-11-01 17:15]
                              R3 NtApm;NT Apm/Legacy-interfacestuurprogramma;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2002-09-11 13:00]
                              S2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2003-02-05 11:03]
                              S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-02-05 11:03]
                              S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e133e20-a282-11dc-b5d1-0002446f315b}]
                              \Shell\AutoRun\command - F:\ClickMe.exe

                              *Newly Created Service* - COMHOST
                              .
                              **************************************************************************

                              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2008-02-14 15:29:50
                              Windows 5.1.2600 Service Pack 2 NTFS

                              scannen van verborgen processen ...

                              scannen van verborgen autostart items ...

                              scannen van verborgen bestanden ...

                              Scan succesvol afgerond
                              verborgen bestanden: 0

                              **************************************************************************
                              .
                              Voltooingstijd: 2008-02-14 15:32:33
                              ComboFix-quarantined-files.txt 2008-02-14 14:32:29
                              ComboFix2.txt 2008-02-05 15:51:26
                              .
                              2008-02-13 21:42:36 --- E O F ---
                              Hijackthis log

                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 15:40:34, on 14/02/2008
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\WINDOWS\System32\GEARSec.exe
                              C:\Program Files\Norton Ghost\Agent\VProSvc.exe
                              C:\WINDOWS\SOUNDMAN.EXE
                              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                              C:\Program Files\Norton Ghost\Agent\GhostTray.exe
                              C:\WINDOWS\System32\nvsvc32.exe
                              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                              C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                              C:\Program Files\SPAMfighter\SFAgent.exe
                              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                              C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
                              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
                              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
                              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                              C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
                              C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                              C:\Program Files\Logitech\SetPoint\SetPoint.exe
                              C:\WINDOWS\System32\snmp.exe
                              C:\Program Files\SPAMfighter\sfus.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
                              C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
                              C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
                              C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
                              C:\WINDOWS\explorer.exe
                              C:\Program Files\internet explorer\iexplore.exe
                              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                              R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
                              O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
                              O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
                              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                              O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
                              O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
                              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                              O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
                              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
                              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                              O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                              O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
                              O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
                              O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                              O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                              O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                              O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                              O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                              O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
                              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
                              O4 - Global Startup: hp psc 1000 series.lnk = ?
                              O4 - Global Startup: hpoddt01.exe.lnk = ?
                              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                              O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
                              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                              O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                              O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
                              O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
                              O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://webwork.rochdale.nl/vdesk/terminal/InstallerControl.cab#version=6020,2008,0122,2009
                              O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://webwork.rochdale.nl/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0122,2004
                              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095262570347
                              O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
                              O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://webwork.rochdale.nl/vdesk/terminal/urTermProxy.cab#version=6020,2008,0122,2001
                              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190817383042
                              O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
                              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                              O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.5/Installer.exe
                              O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://webwork.rochdale.nl/vdesk/terminal/urxshost.cab#version=6020,2008,0122,2005
                              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                              O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
                              O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
                              O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=5500,0,50830,1
                              O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://webwork.rochdale.nl/vdesk/terminal/urxhost.cab#version=6020,2008,0122,2004
                              O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://webwork.rochdale.nl/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0122,2007
                              O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
                              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                              O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                              O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
                              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                              O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                              O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                              O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
                              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                              O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
                              O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
                              O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                              O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                              O24 - Desktop Component 1: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplugin.com/active/?17275966

                              --
                              End of file - 13548 bytes
                              Last edited by Toine123; 14-02-08, 15:41.

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X