Mededeling

Collapse
No announcement yet.

Malware verwijderen;

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Malware verwijderen;

    Beste,

    Ik heb de richtlijnen gevolgd en hier is het resultaat.
    Ik wacht op verdere inl.
    Lobe;

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:03:31, on 10/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seniorennet.be/Pages/Moppen/mop.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ContextAdvisor - {87E68009-29A8-D669-F7C2-B31D08635C50} - C:\Program Files\ContextAdvisor\ContextAdvisor-2.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173192613345
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179740119968
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader3.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{128A4C7C-167D-4149-9E4E-101F040F3DCF}: NameServer = 195.238.2.21 195.238.2.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{128A4C7C-167D-4149-9E4E-101F040F3DCF}: NameServer = 195.238.2.21 195.238.2.22
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 9654 bytes

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Start de computer in veilige modus.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

    Comment


    • #3
      Oorspronkelijk geplaatst door smeenk Bekijk Berichten
      Download: [url=http://home.hetnet.nl/~stefsmeenk/RVAXO.exe]RVAXO.exe
      • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
      • Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus.
      • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
        Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
      • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
      • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
        Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
      • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
      • Post de inhoud van de logfile in je volgende bericht.
      Download [url=http://www.techsupportforum.com/sectools/Deckard/dss.exe]Deckard's System Scanner naar je Bureaublad.
      • Sluit alle toepassingen en vensters.
      • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
      • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
      • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

      Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
      - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
      Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
      Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)
      ANTWOORD:
      Ik had de RVAXO RESULTS, maar ben ze verloren bij het herstarten.
      Moet ik de ganse procedure terug doen?

      Comment


      • #4
        Dubbelklik RVAXO nog maar een keer, als het goed is verschijnen ze opnieuw

        Comment


        • #5
          blokeren,

          Oorspronkelijk geplaatst door smeenk Bekijk Berichten
          Dubbelklik RVAXO nog maar een keer, als het goed is verschijnen ze opnieuw
          ---RVAXO.exe Updated: 2008-03-10---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\system32\WinNB58.dll
          C:\WINDOWS\system32\actskn45.ocx

          Folders Found:
          C:\Program Files\PlayMP3z
          C:\Program Files\FBrowsingAdvisor
          C:\Program Files\ContextAdvisor
          C:\Program Files\FBrowserAdvisor

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------

          Comment


          • #6
            Post ook main.txt
            Dat is het logje van Deckard's System Scanner

            Comment


            • #7
              Oorspronkelijk geplaatst door smeenk Bekijk Berichten
              Post ook main.txt
              Dat is het logje van Deckard's System Scanner

              Deckard's System Scanner v20071014.68
              Run by Beeckmans Louis on 2008-03-11 13:49:46
              Computer is in Normal Mode.
              --------------------------------------------------------------------------------

              -- System Restore --------------------------------------------------------------

              Successfully created a Deckard's System Scanner Restore Point.


              -- Last 5 Restore Point(s) --
              92: 2008-03-11 12:50:06 UTC - RP491 - Deckard's System Scanner Restore Point
              91: 2008-03-10 16:58:15 UTC - RP490 - Removed Ulead Photo Explorer
              90: 2008-03-10 09:54:41 UTC - RP489 - Controlepunt van systeem
              89: 2008-03-09 09:02:38 UTC - RP488 - Controlepunt van systeem
              88: 2008-03-08 02:02:46 UTC - RP487 - Software Distribution Service 3.0


              -- First Restore Point --
              1: 2007-12-21 19:37:46 UTC - RP400 - Controlepunt van systeem


              Backed up registry hives.
              Performed disk cleanup.

              Total Physical Memory: 256 MiB (512 MiB recommended).


              -- HijackThis (run as Beeckmans Louis.exe) -------------------------------------

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 13:53:12, on 11/03/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\System32\nvsvc32.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\mHotkey.exe
              C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
              C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
              C:\WINDOWS\Mixer.exe
              C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
              C:\WINDOWS\system32\RUNDLL32.EXE
              C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\MSN Messenger\MsnMsgr.Exe
              C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
              C:\Program Files\Google\Google Updater\GoogleUpdater.exe
              C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Documents and Settings\Beeckmans Louis\Bureaublad\dss.exe
              C:\PROGRA~1\TRENDM~1\HIJACK~1\Beeckmans Louis.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seniorennet.be/Pages/Moppen/mop.php
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
              R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
              O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
              O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
              O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
              O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
              O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
              O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
              O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173192613345
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179740119968
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
              O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader3.cab
              O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{128A4C7C-167D-4149-9E4E-101F040F3DCF}: NameServer = 195.238.2.21 195.238.2.22
              O17 - HKLM\System\CS1\Services\Tcpip\..\{128A4C7C-167D-4149-9E4E-101F040F3DCF}: NameServer = 195.238.2.21 195.238.2.22
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

              --
              End of file - 9340 bytes

              -- File Associations -----------------------------------------------------------

              All associations okay.


              -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

              R3 alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>
              R3 alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>


              -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

              R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


              -- Device Manager: Disabled ----------------------------------------------------

              Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
              Description: USB-controller
              Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_20011758&REV_04\4&3AB31F7F&0&0AF0
              Manufacturer:
              Name: USB-controller
              PNP Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_20011758&REV_04\4&3AB31F7F&0&0AF0
              Service:

              Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
              Description: PCI Simple Communications-controller
              Device ID: PCI\VEN_1813&DEV_4000&SUBSYS_000216BE&REV_02\4&3AB31F7F&0&18F0
              Manufacturer:
              Name: PCI Simple Communications-controller
              PNP Device ID: PCI\VEN_1813&DEV_4000&SUBSYS_000216BE&REV_02\4&3AB31F7F&0&18F0
              Service:


              -- Scheduled Tasks -------------------------------------------------------------

              2008-03-04 18:43:09 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


              -- Files created between 2008-02-11 and 2008-03-11 -----------------------------

              2008-03-11 11:51:35 0 d-------- C:\RVAXO
              2008-03-11 11:49:15 731219 --a------ C:\WINDOWS\system32\RVAXO.bat
              2008-03-11 11:49:15 69632 --a------ C:\WINDOWS\system32\remove.exe
              2008-03-10 23:54:19 0 d-------- C:\Program Files\RVAXO
              2008-03-10 23:52:06 409600 --a------ C:\Program Files\RVAXO.exe
              2008-03-10 21:02:47 0 d-------- C:\Program Files\Trend Micro
              2008-03-10 18:10:04 68954 --a------ C:\WINDOWS\system32\drivers\jl2005c.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
              2008-03-10 18:10:04 0 d-------- C:\Program Files\JL2005C
              2008-03-06 13:18:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2008-03-04 12:54:54 0 dr-h----- C:\$VAULT$.AVG
              2008-03-02 20:43:36 0 d-------- C:\Documents and Settings\Beeckmans Louis\Application Data\AVG7
              2008-03-02 20:41:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
              2008-03-02 20:20:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
              2008-02-26 19:14:40 0 d-------- C:\Program Files\iPod
              2008-02-26 19:12:53 0 d-------- C:\Program Files\iTunes
              2008-02-26 19:05:22 0 d-------- C:\Program Files\QuickTime
              2008-02-26 02:09:54 100203 --a------ C:\Program Files\PLAY_MP3.exe
              2008-02-24 21:35:59 0 d-------- C:\Documents and Settings\Beeckmans Louis\Application Data\LimeWire
              2008-02-24 21:35:17 0 d-------- C:\Program Files\LimeWire


              -- Find3M Report ---------------------------------------------------------------

              2008-03-10 17:58:25 0 d-------- C:\Program Files\Common Files
              2008-03-07 09:59:47 0 dr------- C:\Program Files\Program Files
              2008-02-28 13:10:39 0 d--h----- C:\Program Files\InstallShield Installation Information
              2008-02-28 13:07:34 0 d-------- C:\Program Files\Gamenext
              2008-02-28 13:06:32 0 d-------- C:\Program Files\NCH Swift Sound
              2008-02-24 19:16:45 0 d-------- C:\Documents and Settings\Beeckmans Louis\Application Data\BearShare
              2008-02-20 11:16:16 367286 --a------ C:\WINDOWS\system32\perfh013.dat
              2008-02-20 11:16:16 54464 --a------ C:\WINDOWS\system32\perfc013.dat
              2008-02-19 03:07:58 0 d-------- C:\Program Files\Microsoft Works
              2008-02-10 23:41:09 0 d-------- C:\Program Files\ExtraFilm PhotoAssistant
              2008-02-03 15:15:35 1444364 --a------ C:\Program Files\Natuurpunt.001 pdf.pdf
              2008-02-03 15:15:11 518950 --a------ C:\Program Files\Natuurpunt.pdf


              -- Registry Dump ---------------------------------------------------------------

              *Note* empty entries & legit default entries are not shown


              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CHotKey"="mHotkey.exe" [30/08/2000 17:55 C:\WINDOWS\mHotkey.exe]
              "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [12/11/2002 11:02]
              "HotKey"="C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe" [06/01/2004 13:02]
              "C-Media Mixer"="Mixer.exe" [25/09/2001 09:39 C:\WINDOWS\Mixer.exe]
              "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [17/08/2001 04:41]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
              "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [12/12/2001 01:40]
              "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [01/04/2005 15:16]
              "nwiz"="nwiz.exe" [01/04/2005 15:16 C:\WINDOWS\system32\nwiz.exe]
              "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [01/04/2005 15:16]
              "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
              "ExtraFilmHemmaAgent"="C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe" [03/10/2006 09:40]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31/01/2008 23:13]
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [06/03/2008 13:22]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 09:03]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [31/03/2007 23:36]
              "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54]
              "Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [08/07/2006 09:57]

              [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
              "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [7/03/2007 14:37:13]
              Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [30/06/2000 0:15:10]

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              "Notification Packages"= :\WINDOWS\syste

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
              @="Service"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
              @="Volume shadow copy"




              -- End of Deckard's System Scanner: finished at 2008-03-11 13:54:22 ------------

              Comment


              • #8
                Dit bestand opzoeken en verwijderen:
                [b]C:\Program Files\PLAY_MP3.exe

                Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regel:
                R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

                Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
                Dit zal alles van RVAXO doen verwijderen.


                Je Java software is verouderd.
                Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                • Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
                • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                • Herhaal dit tot alle oudere versies verdwenen zijn.
                • Na het verwijderen van alle oudere versies, herstart je pc.
                • Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                Download ATF cleaner (mirror)(gemaakt door Atribune)

                Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                Dubbelklik op ATF cleaner om het programma te starten.
                Op het tabblad "Main", plaats je een vinkje bij Select All.
                Klik op de knop Empty Selected.

                Het volgende doen als je ook FireFox als browser hebt:
                Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                Klik op de knop Empty Selected.

                Het volgende doen als je ook Opera als browser hebt:
                Klik op tabblad "Opera", plaats een vinkje bij Select All.
                Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                Klik op de knop Empty Selected.
                Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                Kijk hier hoe je je systeemherstel moet uitschakelen.
                Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                Post als laatste nog een nieuw logje van Hijackthis ter controle

                Comment


                • #9
                  blokeren,

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 16:35:49, on 11/03/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\mHotkey.exe
                  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
                  C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
                  C:\WINDOWS\Mixer.exe
                  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                  C:\WINDOWS\system32\RUNDLL32.EXE
                  C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\MSN Messenger\MsnMsgr.Exe
                  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seniorennet.be/Pages/Moppen/mop.php
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                  O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
                  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
                  O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
                  O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
                  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                  O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
                  O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173192613345
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179740119968
                  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
                  O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader3.cab
                  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

                  --
                  End of file - 8925 bytes

                  Comment


                  • #10
                    Deze regel mag je nog verwijderen met Hijackthis:
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

                    Logje lijkt me verder schoon

                    Zijn er nog problemen?

                    Comment


                    • #11
                      blokeren,

                      Momenteel schijnt alles te werken. Wel vind ik dat mijn PC geregeld de verbinding met het internet moet herstellen, maar dat was ervoor al.

                      Mijn dank ontbreekt hier nog, maar dat is met deze met VEEL plezier gedaan.

                      Ik ga nu nog eens lezen hoe ik mijn PC proper hou op deze site.

                      Nogmaals dank; Lobe;

                      Comment


                      • #12
                        Graag gedaan hoor

                        Comment

                        Sorry, you are not authorized to view this page
                        Working...
                        X