Problem with W32/smalltroj.CVCA

  • Problem with W32/smalltroj.CVCA

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:52:29, on 21-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Norman\NPF\NPFSVICE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\WINDOWS\system32\routing.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    D:\programma\utorrent.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Norman\Nvc\BIN\nvcod.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
    O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
    O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {F619787D-581C-47DA-99D4-0E60ADE0D4C3} - C:\WINDOWS\system32\avmete.dll
    O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.chello.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096661224421
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader4.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ALEXDE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    --
    End of file - 10769 bytes

    It keeps coming back every time I double-click a program. Had Norman scan, ran CCleaner and Ad-Aware...
    yet it keeps coming back... What to do..?

    Alexanderaa

  • #2
    Regarding the notification:
    Norman virus Control detected a trojan and moved it to the quarantine
    Location: C:\windows\system32\avmete.dll
    trojan: W32/smalltroj.CVCA


    • #3
      Download: RVAXO.exe
      • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
      • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
        A cmd window will open; a few lines about files not found will scroll by quickly, this is normal.
      • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
      • After that your PC will restart; after the restart the RVAXO cmd window opens again.
        Let it run and wait until a logfile opens: C:\RVAXO-results.log
      • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
      • Post the contents of the logfile in your next message.


      Download Combofix (mirror) to your Desktop.
      Double-click Combofix.exe
      While the fix is running, do NOT click in the window, as this will make your PC hang.
      When the fix is finished and after a restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
      Post this log in your next post.

      NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore this.


      • #4
        Hi Smeenk,

        Herewith I'm sending you the logfile: RVAXO-results.log..



        --RVAXO.exe Updated: 2008-02-22---first run---
        Files found:
        C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
        C:\WINDOWS\system32\mysidesearch_sidebar.dll
        C:\WINDOWS\system32\dcads-remove.exe
        C:\WINDOWS\system32\superiorads-uninst.exe
        C:\WINDOWS\system32\vbzip11.dll
        C:\WINDOWS\system32\Indt2.sys
        C:\WINDOWS\system32\drmgs.sys
        C:\WINDOWS\system32\perfs.exe
        C:\WINDOWS\system32\routing.exe
        C:\WINDOWS\system32\actskn45.ocx

        Uninstallers:


        Folders Found:

        C:\Program Files\Dcads Games Collection

        Hosts-file was reset, If you use a custom hosts file please replace it...

        --------------RVAXO.exe last run---------------

        Files found:

        Folders Found:

        --------------RVAXO.exe finished----------------






        and I'm sending the Combofix.txt along with it..




        ComboFix 08-02-22.2 - a d 2008-02-22 18:01:25.1 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.105 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\a d\Bureaublad\ComboFix.exe
        * Nieuw herstelpunt werd aangemaakt

        WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
        .
        ADS - explorer.exe: deleted 88 bytes in 2 streams.

        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Documents and Settings\a d\Application Data\inst.exe
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
        C:\Program Files\iMeshBar
        C:\Program Files\iMeshBar\bar\Cache\00008126
        C:\Program Files\iMeshBar\bar\Cache\000093D3
        C:\Program Files\iMeshBar\bar\Cache\0000A9FB
        C:\Program Files\iMeshBar\bar\Cache\00014783
        C:\Program Files\iMeshBar\bar\Cache\000213DC
        C:\Program Files\iMeshBar\bar\Cache\0002E4F7
        C:\Program Files\iMeshBar\bar\Cache\0003181D
        C:\Program Files\iMeshBar\bar\Cache\0004651F
        C:\Program Files\iMeshBar\bar\Cache\0004B9C7
        C:\Program Files\iMeshBar\bar\Cache\0007C542.bin
        C:\Program Files\iMeshBar\bar\Cache\0007C61C.bmp
        C:\Program Files\iMeshBar\bar\Cache\0007C736.bmp
        C:\Program Files\iMeshBar\bar\Cache\001A45C4
        C:\Program Files\iMeshBar\bar\Cache\008216DB
        C:\Program Files\iMeshBar\bar\Cache\00F0B5B4
        C:\Program Files\iMeshBar\bar\Cache\035AB44E
        C:\Program Files\iMeshBar\bar\Cache\05098B1B
        C:\Program Files\iMeshBar\bar\Cache\0687DC18
        C:\Program Files\iMeshBar\bar\Cache\2479D4DD
        C:\Program Files\iMeshBar\bar\Cache\files.ini
        C:\Program Files\iMeshBar\bar\History\search
        C:\Program Files\iMeshBar\bar\Settings\prevcfg.htm
        C:\Program Files\iMeshBar\desktop.ini
        C:\Program Files\internet explorer\svchost.exe
        C:\Program Files\newdotnet
        C:\Program Files\newdotnet\desktop.ini

        ----- BITS: Mogelijk geïnfecteerde sites -----

        hxxp://au.download.wind
        .
        (((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
        .

        2008-02-22 17:58 . 2008-02-22 17:58 <DIR> d-------- C:\Kaula Cocktails
        2008-02-22 17:43 . 2008-02-22 17:54 <DIR> d-------- C:\RVAXO
        2008-02-22 13:18 . 2008-02-22 17:41 538 --a------ C:\hpfr5550.xml
        2008-02-22 13:03 . 2008-02-22 12:17 709,218 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-02-22 13:03 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
        2008-02-21 22:11 . 2008-02-21 22:11 <DIR> d-------- C:\Nature Wallpapers HD
        2008-02-21 18:51 . 2008-02-21 18:51 <DIR> d-------- C:\Program Files\Trend Micro
        2008-02-21 01:46 . 2008-02-21 01:49 1,374 --a------ C:\WINDOWS\imsins.BAK
        2008-02-20 23:46 . 2008-02-20 23:46 <DIR> d-------- C:\Program Files\SpywareBlaster
        2008-02-20 23:35 . 2008-02-20 23:37 <DIR> d-------- C:\Program Files\Hitman Pro
        2008-02-20 22:41 . 2008-02-20 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
        2008-02-20 22:21 . 2008-02-22 17:59 <DIR> d--hs---- C:\Documents and Settings\a d\Onlangs geopend
        2008-02-20 21:54 . 2008-02-20 21:54 <DIR> d-------- C:\Documents and Settings\a d\.limewire
        2008-02-20 21:35 . 2008-02-20 21:53 <DIR> d-------- C:\Program Files\Spyware Doctor
        2008-02-18 17:42 . 2008-02-20 21:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
        2008-02-16 11:43 . 2008-02-16 11:43 <DIR> d-------- C:\Documents and Settings\a d\Application Data\nCleaner
        2008-02-16 11:42 . 2008-02-16 11:42 <DIR> d-------- C:\Program Files\NKProds
        2008-02-13 19:02 . 2008-02-13 19:02 <DIR> d-------- C:\Program Files\Sunbelt Software
        2008-02-13 17:49 . 2008-02-13 17:49 34,360 --------- C:\WINDOWS\system32\drivers\sbapifs.sys
        2008-02-11 22:24 . 19,584 C:\WINDOWS\system32\drivers\puzbrbgw.dat
        2008-02-09 23:00 . 2008-02-09 23:35 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
        2008-02-08 23:21 . 2008-02-08 23:22 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
        2008-02-08 23:21 . 2008-02-08 23:21 306,432 --------- C:\WINDOWS\system32\TuneUpDefragService.exe
        2008-02-08 23:21 . 2007-12-20 10:41 29,440 --------- C:\WINDOWS\system32\uxtuneup.dll
        2008-02-05 09:11 . 2008-02-05 09:11 0 --------- C:\WINDOWS\system32\SBRC.dat
        2008-02-05 09:11 . 2008-02-05 09:11 0 --------- C:\WINDOWS\system32\SBFC.dat
        2008-02-05 08:52 . 2008-02-05 08:52 <DIR> d-------- C:\Documents and Settings\a d\Application Data\Sunbelt Software
        2008-02-05 08:46 . 2008-02-21 06:32 <DIR> d-------- C:\Program Files\RogueRemover PRO
        2008-02-05 08:46 . 2008-02-05 08:46 2,013 -r-h----- C:\WINDOWS\system32\drivers\hosts
        2008-02-04 22:03 . 2008-02-20 22:37 <DIR> d-------- C:\Program Files\Spy Cleaner Gold
        2008-02-04 22:03 . 2004-02-01 22:54 569,368 --------- C:\WINDOWS\system32\olelib.tlb
        2008-02-04 22:03 . 2003-05-14 21:07 389,120 --------- C:\WINDOWS\system32\actskn43.ocx
        2008-02-04 22:03 . 1998-12-02 09:11 143,360 --------- C:\WINDOWS\system32\vbuzip10.dll
        2008-02-04 22:03 . 1999-04-17 23:36 10,752 --------- C:\WINDOWS\system32\aamd532.dll
        2008-02-02 22:37 . 2008-02-02 22:37 <DIR> d-------- C:\Program Files\Super Fast Shutdown
        2008-01-31 21:02 . 2008-01-31 21:02 <DIR> d-------- C:\oma 90 best
        2008-01-28 14:10 . 2002-09-11 13:00 84,480 --a------ C:\WINDOWS\system32\avmete.dll
        2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
        2008-01-24 19:35 . 2008-01-24 19:35 <DIR> d-------- C:\Program Files\sql2ksp3
        2008-01-23 15:41 . 2008-01-23 15:41 97,216 --------- C:\WINDOWS\system32\drivers\AnyDVD.sys
        2008-01-23 00:01 . 2008-01-23 00:03 253,952 --------- C:\WINDOWS\system32\andt.sys
        2008-01-22 22:56 . 2008-01-24 19:57 <DIR> d-------- C:\Program Files\IZArc
        2008-01-22 22:55 . 2008-01-24 19:57 <DIR> d-------- C:\Program Files\ffdshow
        2008-01-22 22:55 . 2008-01-22 22:55 <DIR> d-------- C:\Program Files\ALO SOFT
        2008-01-22 22:55 . 2006-03-11 04:56 438,272 --------- C:\WINDOWS\system32\Mpeg2DecFilter.ax
        2008-01-22 22:55 . 2005-11-25 23:13 266,240 --------- C:\WINDOWS\system32\cddareader.ax
        2008-01-22 22:55 . 2006-11-06 15:30 262,144 --------- C:\WINDOWS\system32\lame_enc.dll
        2008-01-22 22:55 . 2008-01-15 18:35 60,273 --------- C:\WINDOWS\system32\pthreadGC2.dll
        2008-01-22 22:55 . 2005-05-16 16:27 53,248 --------- C:\WINDOWS\system32\AloFrame.ocx
        2008-01-22 20:40 . 2008-01-22 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-22 12:03 --------- d-----w C:\Documents and Settings\a d\Application Data\uTorrent
        2008-02-20 21:42 --------- d-----w C:\Documents and Settings\a d\Application Data\Lavasoft
        2008-02-20 21:42 --------- d-----r C:\Program Files\Lavasoft
        2008-02-20 21:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
        2008-02-20 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-02-20 20:54 --------- d-----w C:\Program Files\LimeWire Turbo
        2008-02-20 20:54 --------- d-----w C:\Program Files\LimeWire
        2008-02-20 20:54 --------- d-----w C:\Program Files\HCC Lite
        2008-02-20 20:54 --------- d-----w C:\Program Files\GrabIt
        2008-02-19 19:32 --------- d-----w C:\Documents and Settings\a d\Application Data\Vso
        2008-02-17 20:26 --------- d-----w C:\Documents and Settings\a d\Application Data\LimeWire
        2008-02-13 21:15 --------- d-----w C:\Documents and Settings\a d\Application Data\dvdcss
        2008-02-13 19:17 --------- d-----w C:\Program Files\Common Files\Sonic Shared
        2008-02-13 19:16 --------- d-----r C:\Program Files\Roxio
        2008-02-13 19:12 --------- d-----w C:\Program Files\Common Files\Roxio Shared
        2008-02-13 19:11 --------- d-----r C:\Program Files\InterActual
        2008-02-13 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
        2008-02-13 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2008-02-13 18:50 --------- d-----r C:\Program Files\CyberLink
        2008-02-13 18:44 --------- d-----w C:\Program Files\SlySoft
        2008-02-13 18:44 --------- d-----w C:\Program Files\ClubDJ Pro
        2008-02-13 18:41 --------- d-----w C:\Program Files\Common Files\Adobe
        2008-02-08 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
        2008-02-02 19:01 --------- d-----r C:\Program Files\Spybot - Search & Destroy
        2008-02-02 18:44 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
        2008-02-02 04:43 --------- d-----w C:\Documents and Settings\a d\Application Data\Registry Booster
        2008-02-02 04:38 --------- d-----r C:\Program Files\XoftSpy
        2008-01-29 12:30 --------- d-----w C:\Program Files\XviD
        2008-01-29 12:30 --------- d-----w C:\Program Files\Teletekstbrowser
        2008-01-29 11:55 --------- d-----r C:\Program Files\DVD Shrink
        2008-01-24 19:14 --------- d-----r C:\Program Files\Microsoft Works
        2008-01-24 18:58 --------- d-----w C:\Program Files\UltraISO
        2008-01-24 18:57 --------- d-----w C:\Program Files\DVDFab Decrypter 3
        2008-01-24 18:57 --------- d-----r C:\Program Files\DVDFab Platinum
        2008-01-22 22:54 --------- d-----w C:\Documents and Settings\a d\Application Data\Nero
        2008-01-22 19:13 --------- d-----w C:\Documents and Settings\a d\Application Data\SlySoft
        2008-01-22 18:40 --------- d-----w C:\Program Files\ImTOO
        2008-01-22 16:55 --------- d-----w C:\Program Files\DVD-RB PRO
        2008-01-15 17:35 7,680 ------w C:\WINDOWS\system32\ff_vfw.dll
        2008-01-14 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
        2008-01-01 21:17 --------- d-----w C:\Documents and Settings\a d\Application Data\Corel
        2007-12-28 10:45 17,301 ----a-w C:\Documents and Settings\a d\Application Data\mdb.bin
        2007-12-26 17:16 --------- d-----w C:\Documents and Settings\a d\Application Data\Ahead
        2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
        2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
        2007-12-07 02:18 267,776 ----a-w C:\WINDOWS\system32\iertutil(2).dll
        2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
        2007-11-26 16:22 1,036,800 ----a-w C:\WINDOWS\explorer.exe
        2007-11-03 20:55 746 ----a-w C:\Program Files\register.reg
        2007-08-08 17:16 47,360 -c--a-w C:\Documents and Settings\a d\Application Data\pcouffin.sys
        2007-01-20 19:44 64,512 ---ha-w C:\Documents and Settings\a d\Application Data\dach100.dll
        2006-10-30 21:35 81,920 -c--a-w C:\Documents and Settings\a d\Application Data\ezpinst.exe
        2006-09-26 18:32 119 --sh--w C:\Program Files\Common Files\desktop.ini
        2006-09-26 18:31 119 --sh--w C:\Program Files\desktop.ini
        2005-05-16 07:50 8,320 ----a-w C:\Program Files\INSTALL.LOG
        2005-05-16 07:50 398 ----a-w C:\Program Files\EINST.INF
        2004-11-05 15:01 398,848 ----a-w C:\Program Files\Uninstall.exe
        2004-11-05 14:59 2,543 ----a-w C:\Program Files\ReadMe.txt
        2004-01-16 10:45 238,639 ------w C:\Program Files\Evaluation Agreement.pdf
        1998-08-24 11:09 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0}]

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F619787D-581C-47DA-99D4-0E60ADE0D4C3}]
        2002-09-11 13:00 84480 --a------ C:\WINDOWS\system32\avmete.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 20:52 249856]
        "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
        "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]
        "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-01-23 18:04 1670080]
        "RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2008-01-08 18:19 433856]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
        "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 23:26 406016]
        "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
        "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [ ]
        "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
        "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 00:33 188416]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]
        "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

        C:\Documents and Settings\alex deen\Menu Start\Programma's\Opstarten\
        Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00 90112]

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Notification Packages REG_MULTI_SZ :\WINDOWS\syste

        [HKLM\~\startupfolder\C:^Documents and Settings^a d^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
        backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

        [HKLM\~\startupfolder\C:^Documents and Settings^a d^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
        backup=C:\WINDOWS\pss\Registration-InstantCopy.lnkStartup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
        backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
        --a--c--- 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anvshell]
        --------- 2002-09-13 13:00 327680 C:\WINDOWS\Anvshell.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
        --a------ 2007-03-12 12:49 153136 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
        C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
        --------- 2004-08-04 00:03 15360 C:\WINDOWS\system32\ctfmon.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExtraFilmHemmaAgent]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
        --a--c--- 2004-09-13 15:49 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
        -----c--- 2002-12-10 00:33 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hplampc]
        --------- 2002-01-17 09:40 40448 C:\WINDOWS\system32\hplampc.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
        C:\WINDOWS\system32\dumprep 0 -k

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07NXLRD_2949406]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
        C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
        --a------ 2006-05-10 20:52 249856 C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
        --a------ 2007-03-09 17:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
        --------- 2004-03-10 23:26 406016 C:\WINDOWS\system32\PSDrvCheck.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
        --a--c--- 2006-11-15 17:02 473600 C:\Program Files\SPAMfighter\SFAgent.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        --a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
        --a--c--- 2006-04-29 14:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
        --a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R0 umgtnjei;umgtnjei;C:\WINDOWS\system32\drivers\puzbrbgw.dat
        R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
        R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 13:00]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Ndiskio;Ndiskio;c:\norman\nse\bin\ndiskio.sys [2007-01-02 09:55]
        R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
        R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
        R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe [2007-12-12 11:45]
        R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
        S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 14:52]
        S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:02]
        S3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 09:09]
        S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 08:50]
        S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2007-01-09 14:25]
        S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2007-01-09 14:25]
        S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2007-01-09 14:25]
        S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2007-01-09 14:25]
        S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 23:21]

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        .
        Inhoud van de 'Gedeelde Taken' map
        "2008-02-20 08:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        "2008-02-22 17:03:03 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
        - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
        "2008-02-15 21:14:19 C:\WINDOWS\Tasks\Easy Onderhoud.job"
        - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
        "2008-02-22 16:58:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
        - C:\Program Files\Windows Defender\MpCmdRun.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-02-22 18:06:30
        Windows 5.1.2600 Service Pack 2 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...

        Scan succesvol afgerond
        verborgen bestanden: 0

        **************************************************************************
        .
        Voltooingstijd: 2008-02-22 18:09:06
        ComboFix-quarantined-files.txt 2008-02-22 17:08:59
        .
        2008-02-22 00:15:01 --- E O F ---


        Unfortunately the alert keeps coming back..
        What should I do..??

        Regards, Alexanderaa



        • #5
          Open Notepad, then copy and paste the following (the bold text) into an empty window:



          File::
          C:\hpfr5550.xml
          C:\WINDOWS\system32\drivers\puzbrbgw.dat
          C:\WINDOWS\system32\avmete.dll

          Driver::
          umgtnjei

          Registry::
          [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0}]
          [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F619787D-581C-47DA-99D4-0E60ADE0D4C3}]




          Save this to your Desktop as CFScript.txt

          Drag CFScript.txt onto ComboFix.exe as shown in the example below:



          This will cause ComboFix to restart.
          Reboot if you are asked to,
          and post the contents of Combofix.txt in your next reply.



          • #6
            Hi Smeenk,
            The computer did not shut down automatically after creating combi-fix.txt.
            Below is the new text



            ComboFix 08-02-22.2 - a d 2008-02-22 23:17:42.2 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.160 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\a d\Bureaublad\ComboFix.exe
            Command switches used :: C:\Documents and Settings\a d\Bureaublad\CFScript.txt.doc
            * Nieuw herstelpunt werd aangemaakt

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
            .

            2008-02-22 17:58 . 2008-02-22 17:58 <DIR> d-------- C:\Kaula Cocktails
            2008-02-22 17:43 . 2008-02-22 17:54 <DIR> d-------- C:\RVAXO
            2008-02-22 13:18 . 2008-02-22 18:35 538 --a------ C:\hpfr5550.xml
            2008-02-22 13:03 . 2008-02-22 12:17 709,218 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-02-22 13:03 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
            2008-02-21 22:11 . 2008-02-21 22:11 <DIR> d-------- C:\Nature Wallpapers HD
            2008-02-21 18:51 . 2008-02-21 18:51 <DIR> d-------- C:\Program Files\Trend Micro
            2008-02-21 01:46 . 2008-02-21 01:49 1,374 --a------ C:\WINDOWS\imsins.BAK
            2008-02-20 23:46 . 2008-02-20 23:46 <DIR> d-------- C:\Program Files\SpywareBlaster
            2008-02-20 23:35 . 2008-02-20 23:37 <DIR> d-------- C:\Program Files\Hitman Pro
            2008-02-20 22:41 . 2008-02-20 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2008-02-20 22:21 . 2008-02-22 23:15 <DIR> d--hs---- C:\Documents and Settings\a d\Onlangs geopend
            2008-02-20 21:54 . 2008-02-20 21:54 <DIR> d-------- C:\Documents and Settings\a d\.limewire
            2008-02-20 21:35 . 2008-02-20 21:53 <DIR> d-------- C:\Program Files\Spyware Doctor
            2008-02-18 17:42 . 2008-02-20 21:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
            2008-02-16 11:43 . 2008-02-16 11:43 <DIR> d-------- C:\Documents and Settings\a d\Application Data\nCleaner
            2008-02-16 11:42 . 2008-02-16 11:42 <DIR> d-------- C:\Program Files\NKProds
            2008-02-13 19:02 . 2008-02-13 19:02 <DIR> d-------- C:\Program Files\Sunbelt Software
            2008-02-13 17:49 . 2008-02-13 17:49 34,360 --------- C:\WINDOWS\system32\drivers\sbapifs.sys
            2008-02-11 22:24 . 19,584 C:\WINDOWS\system32\drivers\puzbrbgw.dat
            2008-02-09 23:00 . 2008-02-09 23:35 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
            2008-02-08 23:21 . 2008-02-08 23:22 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
            2008-02-08 23:21 . 2008-02-08 23:21 306,432 --------- C:\WINDOWS\system32\TuneUpDefragService.exe
            2008-02-08 23:21 . 2007-12-20 10:41 29,440 --------- C:\WINDOWS\system32\uxtuneup.dll
            2008-02-05 09:11 . 2008-02-05 09:11 0 --------- C:\WINDOWS\system32\SBRC.dat
            2008-02-05 09:11 . 2008-02-05 09:11 0 --------- C:\WINDOWS\system32\SBFC.dat
            2008-02-05 08:52 . 2008-02-05 08:52 <DIR> d-------- C:\Documents and Settings\a d\Application Data\Sunbelt Software
            2008-02-05 08:46 . 2008-02-21 06:32 <DIR> d-------- C:\Program Files\RogueRemover PRO
            2008-02-05 08:46 . 2008-02-05 08:46 2,013 -r-h----- C:\WINDOWS\system32\drivers\hosts
            2008-02-04 22:03 . 2008-02-20 22:37 <DIR> d-------- C:\Program Files\Spy Cleaner Gold
            2008-02-04 22:03 . 2004-02-01 22:54 569,368 --------- C:\WINDOWS\system32\olelib.tlb
            2008-02-04 22:03 . 2003-05-14 21:07 389,120 --------- C:\WINDOWS\system32\actskn43.ocx
            2008-02-04 22:03 . 1998-12-02 09:11 143,360 --------- C:\WINDOWS\system32\vbuzip10.dll
            2008-02-04 22:03 . 1999-04-17 23:36 10,752 --------- C:\WINDOWS\system32\aamd532.dll
            2008-02-02 22:37 . 2008-02-02 22:37 <DIR> d-------- C:\Program Files\Super Fast Shutdown
            2008-01-31 21:02 . 2008-01-31 21:02 <DIR> d-------- C:\oma 90 best
            2008-01-28 14:10 . 2002-09-11 13:00 84,480 --a------ C:\WINDOWS\system32\avmete.dll
            2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
            2008-01-24 19:35 . 2008-01-24 19:35 <DIR> d-------- C:\Program Files\sql2ksp3
            2008-01-23 15:41 . 2008-01-23 15:41 97,216 --------- C:\WINDOWS\system32\drivers\AnyDVD.sys
            2008-01-23 00:01 . 2008-01-23 00:03 253,952 --------- C:\WINDOWS\system32\andt.sys
            2008-01-22 22:56 . 2008-01-24 19:57 <DIR> d-------- C:\Program Files\IZArc
            2008-01-22 22:55 . 2008-01-24 19:57 <DIR> d-------- C:\Program Files\ffdshow
            2008-01-22 22:55 . 2008-01-22 22:55 <DIR> d-------- C:\Program Files\ALO SOFT
            2008-01-22 22:55 . 2006-03-11 04:56 438,272 --------- C:\WINDOWS\system32\Mpeg2DecFilter.ax
            2008-01-22 22:55 . 2005-11-25 23:13 266,240 --------- C:\WINDOWS\system32\cddareader.ax
            2008-01-22 22:55 . 2006-11-06 15:30 262,144 --------- C:\WINDOWS\system32\lame_enc.dll
            2008-01-22 22:55 . 2008-01-15 18:35 60,273 --------- C:\WINDOWS\system32\pthreadGC2.dll
            2008-01-22 22:55 . 2005-05-16 16:27 53,248 --------- C:\WINDOWS\system32\AloFrame.ocx
            2008-01-22 20:40 . 2008-01-22 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-02-22 22:15 --------- d-----w C:\Documents and Settings\a d\Application Data\uTorrent
            2008-02-20 21:42 --------- d-----w C:\Documents and Settings\a d\Application Data\Lavasoft
            2008-02-20 21:42 --------- d-----r C:\Program Files\Lavasoft
            2008-02-20 21:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
            2008-02-20 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-02-20 20:54 --------- d-----w C:\Program Files\LimeWire Turbo
            2008-02-20 20:54 --------- d-----w C:\Program Files\LimeWire
            2008-02-20 20:54 --------- d-----w C:\Program Files\HCC Lite
            2008-02-20 20:54 --------- d-----w C:\Program Files\GrabIt
            2008-02-19 19:32 --------- d-----w C:\Documents and Settings\a d\Application Data\Vso
            2008-02-17 20:26 --------- d-----w C:\Documents and Settings\a d\Application Data\LimeWire
            2008-02-13 21:15 --------- d-----w C:\Documents and Settings\a d\Application Data\dvdcss
            2008-02-13 19:17 --------- d-----w C:\Program Files\Common Files\Sonic Shared
            2008-02-13 19:16 --------- d-----r C:\Program Files\Roxio
            2008-02-13 19:12 --------- d-----w C:\Program Files\Common Files\Roxio Shared
            2008-02-13 19:11 --------- d-----r C:\Program Files\InterActual
            2008-02-13 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
            2008-02-13 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-02-13 18:50 --------- d-----r C:\Program Files\CyberLink
            2008-02-13 18:44 --------- d-----w C:\Program Files\SlySoft
            2008-02-13 18:44 --------- d-----w C:\Program Files\ClubDJ Pro
            2008-02-13 18:41 --------- d-----w C:\Program Files\Common Files\Adobe
            2008-02-08 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
            2008-02-02 19:01 --------- d-----r C:\Program Files\Spybot - Search & Destroy
            2008-02-02 18:44 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
            2008-02-02 04:43 --------- d-----w C:\Documents and Settings\a d\Application Data\Registry Booster
            2008-02-02 04:38 --------- d-----r C:\Program Files\XoftSpy
            2008-01-29 12:30 --------- d-----w C:\Program Files\XviD
            2008-01-29 12:30 --------- d-----w C:\Program Files\Teletekstbrowser
            2008-01-29 11:55 --------- d-----r C:\Program Files\DVD Shrink
            2008-01-24 19:14 --------- d-----r C:\Program Files\Microsoft Works
            2008-01-24 18:58 --------- d-----w C:\Program Files\UltraISO
            2008-01-24 18:57 --------- d-----w C:\Program Files\DVDFab Decrypter 3
            2008-01-24 18:57 --------- d-----r C:\Program Files\DVDFab Platinum
            2008-01-22 22:54 --------- d-----w C:\Documents and Settings\a d\Application Data\Nero
            2008-01-22 19:13 --------- d-----w C:\Documents and Settings\a d\Application Data\SlySoft
            2008-01-22 18:40 --------- d-----w C:\Program Files\ImTOO
            2008-01-22 16:55 --------- d-----w C:\Program Files\DVD-RB PRO
            2008-01-15 17:35 7,680 ------w C:\WINDOWS\system32\ff_vfw.dll
            2008-01-14 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
            2008-01-01 21:17 --------- d-----w C:\Documents and Settings\a d\Application Data\Corel
            2007-12-28 10:45 17,301 ----a-w C:\Documents and Settings\a d\Application Data\mdb.bin
            2007-12-26 17:16 --------- d-----w C:\Documents and Settings\a d\Application Data\Ahead
            2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
            2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
            2007-12-07 02:18 267,776 ----a-w C:\WINDOWS\system32\iertutil(2).dll
            2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
            2007-11-26 16:22 1,036,800 ----a-w C:\WINDOWS\explorer.exe
            2007-11-03 20:55 746 ----a-w C:\Program Files\register.reg
            2007-08-08 17:16 47,360 -c--a-w C:\Documents and Settings\a d\Application Data\pcouffin.sys
            2007-01-20 19:44 64,512 ---ha-w C:\Documents and Settings\a d\Application Data\dach100.dll
            2006-10-30 21:35 81,920 -c--a-w C:\Documents and Settings\a d\Application Data\ezpinst.exe
            2006-09-26 18:32 119 --sh--w C:\Program Files\Common Files\desktop.ini
            2006-09-26 18:31 119 --sh--w C:\Program Files\desktop.ini
            2005-05-16 07:50 8,320 ----a-w C:\Program Files\INSTALL.LOG
            2005-05-16 07:50 398 ----a-w C:\Program Files\EINST.INF
            2004-11-05 15:01 398,848 ----a-w C:\Program Files\Uninstall.exe
            2004-11-05 14:59 2,543 ----a-w C:\Program Files\ReadMe.txt
            2004-01-16 10:45 238,639 ------w C:\Program Files\Evaluation Agreement.pdf
            1998-08-24 11:09 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0}]

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F619787D-581C-47DA-99D4-0E60ADE0D4C3}]
            2002-09-11 13:00 84480 --a------ C:\WINDOWS\system32\avmete.dll

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 20:52 249856]
            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
            "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]
            "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-01-23 18:04 1670080]
            "RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2008-01-08 18:19 433856]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
            "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 23:26 406016]
            "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
            "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [ ]
            "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
            "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 00:33 188416]
            "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]
            "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

            C:\Documents and Settings\a d\Menu Start\Programma's\Opstarten\
            Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00 90112]

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            Notification Packages REG_MULTI_SZ :\WINDOWS\syste

            [HKLM\~\startupfolder\C:^Documents and Settings^a d^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
            backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

            [HKLM\~\startupfolder\C:^Documents and Settings^a d^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
            backup=C:\WINDOWS\pss\Registration-InstantCopy.lnkStartup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
            backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
            --a--c--- 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anvshell]
            --------- 2002-09-13 13:00 327680 C:\WINDOWS\Anvshell.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
            --a------ 2007-03-12 12:49 153136 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
            C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
            --------- 2004-08-04 00:03 15360 C:\WINDOWS\system32\ctfmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExtraFilmHemmaAgent]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
            --a--c--- 2004-09-13 15:49 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
            -----c--- 2002-12-10 00:33 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hplampc]
            --------- 2002-01-17 09:40 40448 C:\WINDOWS\system32\hplampc.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
            C:\WINDOWS\system32\dumprep 0 -k

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07NXLRD_2949406]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
            C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
            --a------ 2006-05-10 20:52 249856 C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            --a------ 2007-03-09 17:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
            --------- 2004-03-10 23:26 406016 C:\WINDOWS\system32\PSDrvCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
            --a--c--- 2006-11-15 17:02 473600 C:\Program Files\SPAMfighter\SFAgent.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
            --a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
            --a--c--- 2006-04-29 14:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
            --a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

            R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
            R0 umgtnjei;umgtnjei;C:\WINDOWS\system32\drivers\puzbrbgw.dat
            R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
            R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 13:00]
            R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
            R2 Ndiskio;Ndiskio;c:\norman\nse\bin\ndiskio.sys [2007-01-02 09:55]
            R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
            R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
            R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe [2007-12-12 11:45]
            R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
            S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 14:52]
            S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:02]
            S3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 09:09]
            S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 08:50]
            S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2007-01-09 14:25]
            S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2007-01-09 14:25]
            S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2007-01-09 14:25]
            S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2007-01-09 14:25]
            S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 23:21]

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
            UxTuneUp

            .
            Inhoud van de 'Gedeelde Taken' map
            "2008-02-20 08:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            "2008-02-22 22:03:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
            - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
            "2008-02-15 21:14:19 C:\WINDOWS\Tasks\Easy Onderhoud.job"
            - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
            "2008-02-22 17:23:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
            - C:\Program Files\Windows Defender\MpCmdRun.exe
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-02-22 23:23:34
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2008-02-22 23:26:20
            ComboFix-quarantined-files.txt 2008-02-22 22:26:12
            ComboFix2.txt 2008-02-22 18:06:39
            .
            2008-02-22 00:15:01 --- E O F ---


            The window keeps coming back even after restarting.

            ...?
            Regards, Alexanderaa



            • #7
              You are apparently doing something wrong, I see a .doc file:
              Command switches used :: C:\Documents and Settings\a d\Bureaublad\CFScript.txt.doc
              Just download the attachment and drag it onto Combofix.exe
              Attached files



              • #8
                Hi Smeenk,

                However you do it, you do it, but it works!!
                Thanks 1000x.. and I am going to look through the brochure to install a few things.. prevention will probably never be complete. I have not had this happen before either.. but I hope it stays this way now.
                And otherwise I will be back! Great, a site like this.

                Regards,
                Alexanderaa



                • #9
                  Everything seems to have gone well

                  Do this as well:
                  Your Java software is outdated.
                  Older versions have vulnerabilities that give malware the chance to install itself on your system.
                  First follow these steps to uninstall Java and install the newer version:
                  • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
                  • Close all programs that may be open - especially your web browser!
                  • Then go to Start > Configuratiescherm (Control Panel) > Software (Add or Remove Programs) and remove all older versions of Java from the program list.
                  • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                  • Then click Remove or the Change/Remove button.
                  • Repeat this until all older versions are gone.
                  • After removing all older versions, restart your PC.
                  • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


                  Download ATF Cleaner (mirror) (made by Atribune)

                  Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                  Double-click ATF Cleaner to start the program.
                  On the "Main" tab, tick Select All.
                  Click the Empty Selected button.

                  Do the following if you also use Firefox as a browser:
                  Click the "Firefox" tab and tick Select All.
                  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                  (this removes the tick from "Firefox saved passwords" again)
                  Click the Empty Selected button.

                  Do the following if you also use Opera as a browser:
                  Click the "Opera" tab and tick Select All.
                  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                  Click the Empty Selected button.
                  Go to the "Main" tab and click the Exit button to close the program.

                  Go to Start - Uitvoeren (Run) and enter the following:
                  Combofix /U
                  Then press OK.
                  Note: There must be a space between Combofix and /U.

                  This will uninstall Combofix.

                  Finally, post a new HijackThis log so it can be checked



                  • #10
                    Hi Smeenk, here is the log file:

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 11:46, on 2008-02-24
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\csrss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Windows Defender\MsMpEng.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Norman\Npm\bin\ELOGSVC.EXE
                    C:\Norman\Npm\Bin\Zanda.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Norman\Npm\bin\ZLH.EXE
                    C:\Norman\Nvc\BIN\NIP.EXE
                    C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
                    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
                    C:\Program Files\Norman\NPF\NPFSVICE.EXE
                    C:\WINDOWS\system32\nvsvc32.exe
                    C:\WINDOWS\system32\PSIService.exe
                    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
                    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Norman\Npm\bin\NJEEVES.EXE
                    C:\NORMAN\Nvc\BIN\nvcoas.exe
                    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
                    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                    C:\WINDOWS\System32\alg.exe
                    C:\Norman\Nvc\bin\cclaw.exe
                    C:\WINDOWS\System32\wbem\wmiprvse.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
                    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
                    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
                    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
                    O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
                    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
                    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                    O15 - Trusted Zone: http://www.chello.nl
                    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096661224421
                    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader4.cab
                    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
                    O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
                    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
                    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
                    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
                    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
                    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
                    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

                    --
                    End of file - 9905 bytes

                    Regards, Alexanderaa
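
The by-eye review of a HijackThis log that posts #9 to #11 revolve around, sketched as an added Python example (not part of the thread and not HijackThis's own code). The function names and the `min_jre` baseline are assumptions; the baseline is the JRE 6u4 release named in post #9, and the sample mixes lines copied from the log in post #10 with one constructed line.

```python
import re

# HijackThis entry lines start with a section code: "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Sun JRE install directory as it appears in paths, e.g. jre1.6.0_04.
JRE_RE = re.compile(r"jre1\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)

# Sample input. Every line is copied from the log in post #10 except the
# jre1.5.0_06 line, which is constructed to show what an outdated JRE
# reference looks like in HijackThis format.
SAMPLE_LOG = "\n".join([
    r"Running processes:",
    r"C:\WINDOWS\system32\svchost.exe",
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"',  # constructed
    r"O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe",
    r"O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe",
])


def parse_entries(log_text):
    """Return (section_code, body) for each entry line; header and
    running-process lines do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text, min_jre=(6, 0, 4)):
    """Collect entries worth a manual look. These are review candidates,
    not verdicts: legitimate software shows up in every category.
    min_jre defaults to 6u4 (jre1.6.0_04), an assumed baseline."""
    findings = {"missing_file": [], "unknown_owner_service": [], "outdated_jre": []}
    for code, body in parse_entries(log_text):
        # Registry entry whose target file is gone (leftover or removed item).
        if body.endswith("(no file)"):
            findings["missing_file"].append(f"{code} - {body}")
        # Service binary for which HijackThis shows no vendor name.
        if code == "O23" and " - Unknown owner - " in body:
            findings["unknown_owner_service"].append(
                body.split(" - Unknown owner - ", 1)[1])
        # Any path still pointing into a JRE older than the baseline.
        for match in JRE_RE.finditer(body):
            version = tuple(int(part) for part in match.groups())
            label = "1.{}.{}_{:02d}".format(*version)
            if version < min_jre and label not in findings["outdated_jre"]:
                findings["outdated_jre"].append(label)
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```
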



                    • #11
                      The log looks clean again



                      • #12
                        Thanks

                        Thanks Smeenk!
                        I will come and browse your site every now and then!



                        • #13
                          You're welcome
