Trojan

  • Trojan

    I picked up a virus via MSN and ran my scanner (avast) in safe mode, followed by Spybot and Ad-Aware, but every time I start my PC my scanner kicks in and says that part of the virus is still present. It does this twice each time and then moves it to the chest, and otherwise everything is fine. I also scanned with AVG Anti-Spyware, but that doesn't help either. It is part of Win32:Small-JMH [trj].
    I made a log with HijackThis just after startup.
    I hope someone can help me with this.
    Thanks in advance, schijndel100

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:21:29, on 2/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Babylon\Babylon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    D:\program files hans\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\program files hans\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\program files hans\AVG Anti-Spyware 7.5\guard.exe
    D:\program files hans\KeePass Password Safe\KeePass.exe
    D:\program files hans\PrintScreen\PrintScreen.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\program files hans\MSGTAG\MSGTAG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    D:\program files hans\birthday\Birthday.exe
    D:\program files hans\PopTray 3.03\PopTray.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\program files hans\Hijack This\HiJackThis_v2.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\program files hans\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Birthday.lnk = D:\program files hans\birthday\Birthday.exe
    O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O15 - Trusted Zone: http://public.service.citroen.com
    O15 - Trusted Zone: http://service.citroen.com
    O15 - Trusted Zone: http://estim.citroen.inetpsa.com
    O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
    O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
    O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
    O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
    O15 - Trusted Zone: http://service.citroen.inetpsa.com
    O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
    O15 - Trusted Zone: http://public.servicebox.peugeot.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
    O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\program files hans\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 12047 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Then post a new HijackThis log as well.



    • #3
      trojan

      Hello smeenk, thank you for being willing to help me.
      I did what you asked,
      and here is the log I made with RVAXO.

      ---RVAXO.exe Updated: 2008-04-02---first run---
      Uninstallers:

      Files found:
      C:\Documents and Settings\hans\Local Settings\Temp\vaan‚‚œ'œ'%''msn'Š%'fix''.exe

      Folders Found:
      C:\WINDOWS\system32\UpMedia

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:
      C:\WINDOWS\system32\UpMedia

      --------------RVAXO.exe finished----------------
      And you asked for a HijackThis log:
      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 20:49:20, on 2/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      D:\program files hans\AVG Anti-Spyware 7.5\guard.exe
      D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Babylon\Babylon.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Support.com\bin\tgcmd.exe
      D:\program files hans\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      D:\program files hans\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      D:\program files hans\KeePass Password Safe\KeePass.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      D:\program files hans\PrintScreen\PrintScreen.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      D:\program files hans\MSGTAG\MSGTAG.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      D:\program files hans\birthday\Birthday.exe
      D:\program files hans\PopTray 3.03\PopTray.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      D:\program files hans\Hijack This\HiJackThis_v2.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
      O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\program files hans\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
      O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Birthday.lnk = D:\program files hans\birthday\Birthday.exe
      O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
      O4 - Global Startup: AutorunsDisabled
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
      O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
      O15 - Trusted Zone: http://public.service.citroen.com
      O15 - Trusted Zone: http://service.citroen.com
      O15 - Trusted Zone: http://estim.citroen.inetpsa.com
      O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
      O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
      O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
      O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
      O15 - Trusted Zone: http://service.citroen.inetpsa.com
      O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
      O15 - Trusted Zone: http://public.servicebox.peugeot.com
      O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
      O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\program files hans\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

      --
      End of file - 11892 bytes
      I hope I have given you enough material.

      Thanks in advance for your help.

      Regards, schijndel100



      • #4
        Check the following line in HijackThis:
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
        Close all open windows (except HijackThis) and click "Fix checked".

        Restart your computer.

        Open the RVAXO folder and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        After the restart, post a new HijackThis log as a check.
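
An added example, not part of the original thread or of HijackThis: the Userinit value flagged as F2 is a comma-separated list of programs that Winlogon starts at logon, so anything after `userinit.exe` is an extra autostart. The sketch below parses HijackThis-format lines and groups every autostart location by the file it launches; the function names are hypothetical and the sample lines are constructed (modelled on the F2 and O4 entries above, with a placeholder file name).

```python
import re
from collections import namedtuple

# Constructed sample in HijackThis log format (placeholder user and file name).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\user\LOCALS~1\Temp\sample.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\user\LOCALS~1\Temp\sample.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"""

Finding = namedtuple("Finding", "code location target reason")

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")           # "F2 - ...", "O4 - ..."
USERINIT_RE = re.compile(r"^REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
RUN_RE = re.compile(r"^(HK\S+\\Run): \[(.*?)\] (.*)$")         # key, value name, command


def userinit_extras(value):
    """Return the programs in a Userinit value other than system32 userinit.exe."""
    programs = [p.strip().strip('"') for p in value.split(",") if p.strip()]
    return [p for p in programs
            if not p.lower().endswith("\\system32\\userinit.exe")]


def in_temp(command):
    """True when the command line points into a Temp directory.

    Treating Temp as an unusual home for an autostart target is an
    assumption of this example, not a rule taken from the thread.
    """
    return "\\temp\\" in command.lower()


def review(log_text):
    """Scan HijackThis log text and return Finding tuples in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, body = entry.groups()
        if code == "F2":
            userinit = USERINIT_RE.match(body)
            if userinit:
                for program in userinit_extras(userinit.group(1)):
                    findings.append(Finding(
                        "F2", "Userinit", program,
                        "extra program started by Winlogon at logon"))
        elif code == "O4":
            run = RUN_RE.match(body)
            if run and in_temp(run.group(3)):
                findings.append(Finding(
                    "O4", "%s [%s]" % (run.group(1), run.group(2)), run.group(3),
                    "autostart target in a Temp directory"))
    return findings


def by_target(findings):
    """Group autostart locations by the file they launch (case-insensitive)."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.target.lower(), []).append(
            "%s %s" % (f.code, f.location))
    return grouped


if __name__ == "__main__":
    for target, locations in by_target(review(SAMPLE_LOG)).items():
        print(target)
        for location in locations:
            print("   ", location)
```

A file that appears under more than one location has more than one way of starting; each location has to be cleared and checked again in the next log.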



        • #5
          Trojan

          Hello Smeenk

          I did what you asked and made a new log, but it was not gone, so I did it once more and this is that log, but it is not gone.
          Logfile of Trend Micro HijackThis v2.0.0 (BETA)
          Scan saved at 23:25:35, on 2/04/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\savedump.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Babylon\Babylon.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\WINDOWS\system32\LVCOMSX.EXE
          C:\Program Files\Support.com\bin\tgcmd.exe
          D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          D:\program files hans\QuickTime\QTTask.exe
          C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
          C:\WINDOWS\system32\ctfmon.exe
          D:\program files hans\KeePass Password Safe\KeePass.exe
          D:\program files hans\PrintScreen\PrintScreen.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          D:\program files hans\MSGTAG\MSGTAG.exe
          C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          D:\program files hans\birthday\Birthday.exe
          C:\WINDOWS\system32\inetsrv\inetinfo.exe
          D:\program files hans\PopTray 3.03\PopTray.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\System32\snmp.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\system32\wuauclt.exe
          D:\program files hans\Hijack This\HiJackThis_v2.exe
          C:\Program Files\Alwil Software\Avast4\setup\avast.setup

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;localhost
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
          O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
          O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
          O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
          O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
          O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Birthday.lnk = D:\program files hans\birthday\Birthday.exe
          O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
          O4 - Global Startup: AutorunsDisabled
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
          O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
          O15 - Trusted Zone: http://public.service.citroen.com
          O15 - Trusted Zone: http://service.citroen.com
          O15 - Trusted Zone: http://estim.citroen.inetpsa.com
          O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
          O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
          O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
          O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
          O15 - Trusted Zone: http://service.citroen.inetpsa.com
          O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
          O15 - Trusted Zone: http://public.servicebox.peugeot.com
          O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
          O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
          O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
          O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
          O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

          --
          End of file - 11432 bytes

          Regards, schijndel100



          • #6
            Download The Avenger and place it on your desktop: http://swandog46.geekstogo.com/avenger2/download.php
            Unzip it.
            Start the program by clicking avenger.exe.
            In the "Input Script here" window, paste the following (the bold text):


            Folders to delete:
            C:\DOCUME~1\hans\LOCALS~1\Temp


            Then click the "Execute" button.
            Avenger will indicate that the computer is going to restart; allow this.
            After the reboot a log file opens (avenger.txt). Post the contents of the log file.

            Also post a new HijackThis log and tell us whether you are still experiencing problems
            Last edited by smeenk; 03-04-08, 00:39.



            • #7
              Trojan

              I tried what you told me but it does not quite work; I get this message in a window when I press Execute

              Error: Invalid script. A valid script must begin with a command dirctive.
              Abortingexecution


              Regards, schijndel100



              • #8
                Try it once more.

                Copy all the lines in bold:


                Folders to delete:
                C:\WINDOWS\system32\UpMedia
                C:\DOCUME~1\hans\LOCALS~1\Temp
                Last edited by smeenk; 03-04-08, 11:47.



                • #9
                  Trojan

                  I can't get it to work; it stays the same as the first time

                  schijndel100



                  • #10
                    Try it with the following lines:



                    Files to delete:
                    C:\DOCUME~1\hans\LOCALS~1\Temp\VAAN''~1.EXE

                    Folders to delete:
                    C:\WINDOWS\system32\UpMedia



                    • #11
                      trojan

                      No, it stays the same

                      schijndel100



                      • #12
                        It is probably caused by the infection

                        Download SDFix to your desktop.
                        • Double-click SDFix.exe to extract it.
                        • Print the instructions below or copy them to a .txt file.
                        • Boot into Safe Mode
                        • Open the extracted SDFix folder (usually found here: C:\SDFix) and double-click RunThis.bat to start the script.
                        • Type Y to begin the fix and follow the instructions. Press a key when required.
                        • The computer will restart. This takes longer than usual.
                        • SDFix will continue with the removal. Wait until you are asked to press a key.
                        • The desktop will appear and a log will open.
                        • Post the contents of that log



                        • #13
                          trojan

                          I did what you asked and it went without problems
                          here is the requested log


                          SDFix: Version 1.165

                          Run by Administrator on do 03-04-2008 at 15:50

                          Microsoft Windows XP [versie 5.1.2600]
                          Running From: C:\SDFix

                          Checking Services :


                          Restoring Windows Registry Values
                          Restoring Windows Default Hosts File

                          Rebooting


                          Checking Files :

                          Trojan Files Found:

                          C:\WINDOWS\system32\real.txt - Deleted





                          Removing Temp Files

                          ADS Check :



                          Final Check :

                          catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2008-04-03 15:58:14
                          Windows 5.1.2600 Service Pack 2 NTFS

                          scanning hidden processes ...

                          C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe [1828] 0x8604E7C8

                          scanning hidden services & system hive ...

                          scanning hidden registry entries ...

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
                          "3140110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"

                          scanning hidden files ...


                          scan completed successfully
                          hidden processes: 1
                          hidden services: 0
                          hidden files: 1052


                          Remaining Services :



                          Authorized Application Key Export:

                          [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
                          "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
                          "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
                          "C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
                          "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
                          "D:\\program files hans\\iTunes.exe"="D:\\program files hans\\iTunes.exe:*:Enabled:iTunes"
                          "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
                          "D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe"="D:\\program files hans\\Bluetoot-infrarood adapter\\BlueSoleil.exe:*:Enabled:BlueSoleil"
                          "D:\\program files hans\\LimeWire\\LimeWire.exe"="D:\\program files hans\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
                          "D:\\program files hans\\MSGTAG\\MSGTAG.exe"="D:\\program files hans\\MSGTAG\\MSGTAG.exe:*:Enabled:MSGTAG"
                          "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
                          "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
                          "D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe"="D:\\program files hans\\MSN WINKS\\winks01\\mcoinstall.exe:*:Enabled:mcoinstall"
                          "D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe"="D:\\program files hans\\MSN WINKS\\moods\\mcoinstall.exe:*:Enabled:mcoinstall"
                          "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
                          "C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
                          "D:\\program files hans\\PopTray 3.03\\PopTray.exe"="D:\\program files hans\\PopTray 3.03\\PopTray.exe:*:Enabled:PopTray"
                          "D:\\program files hans\\SPAMfighter\\SPAMCFG.exe"="D:\\program files hans\\SPAMfighter\\SPAMCFG.exe:*:Enabled:SPAMCFG"
                          "D:\\program files hans\\SPAMfighter\\SFAgent.exe"="D:\\program files hans\\SPAMfighter\\SFAgent.exe:*:Enabled:SFAgent"
                          "D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"="D:\\program files hans\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe:*:Enabled:script-fu"
                          "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
                          "D:\\program files hans\\Shareaza\\Shareaza.exe"="D:\\program files hans\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
                          "C:\\Program Files\\support.com\\KPN\\hcenter.exe"="C:\\Program Files\\support.com\\KPN\\hcenter.exe:*:Enabled:Starten ADSL Support Wizard"
                          "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
                          "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:MSI starter"
                          "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
                          "C:\\Documents and Settings\\hans\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\hans\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
                          "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
                          "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
                          "C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)"
                          "C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)"
                          "D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe"="D:\\program files hans\\Foto Story 3 voor Windows\\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows"
                          "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
                          "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
                          "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
                          "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
                          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
                          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
                          "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
                          "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
                          "C:\\DOCUME~1\\hans\\LOCALS~1\\Temp\\vaan‚‚œ'œ'%''msn'Š%'fix''.exe"="C:\\DOCUME~1\\hans\\LOCALS~1\\T emp\\vaan‚‚œ'œ'%''msn'Š%'fix''.exe:*:Enabled:Flash Media"

                          [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
                          "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
                          "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
                          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
                          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

                          Remaining Files :


                          File Backups: - C:\SDFix\backups\backups.zip

                          Files with Hidden Attributes :

                          Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
                          Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
                          Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
                          Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
                          Tue 27 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
                          Wed 21 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
                          Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\hans\Application Data\U3\temp\Launchpad Removal.exe"
                          Fri 14 Oct 2005 400 A.SH. --- "C:\Documents and Settings\hans\Mijn documenten\Mijn muziek\Back-up van licentie\drmv2key.bak"

                          Finished!

                          Regards, schijndel100



                          • #14
                            Start HijackThis and remove the following lines:
                            F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe
                            O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe


                            Download RVAXO again and run it.

                            Afterwards post the logs from RVAXO and HijackThis again

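The two lines singled out in post #14 are both autostart points that launch a program from the user's temp folder: a second executable chained to UserInit, and a Run value. The following is an added example, not part of the thread and not code from HijackThis, that flags such entries in a HijackThis log; the sample lines are constructed from the log above with the file name replaced by the placeholder `sample.exe`, and all function names are assumptions.

```python
import re

# Constructed sample: lines copied from the HijackThis log in this thread, with the
# trojan's file name replaced by the placeholder "sample.exe".
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\sample.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\hans\LOCALS~1\Temp\sample.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# "F2 - ...", "O4 - ..." : section code, then the entry body.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(HK\S+\\Run(?:Once)?): \[(.*?)\] (.+)$")
# Executable part of a command line: up to the first program extension that is
# followed by a quote, whitespace or end of string (so "Support.com\bin" is skipped).
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=["\s]|$)', re.IGNORECASE)
TEMP_DIRS = {"temp", "tmp"}


def image_path(command):
    """Return the executable part of a command line, without quotes or arguments."""
    command = command.strip()
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command.strip('"')


def in_temp_dir(path):
    """True when any directory component of the path is a temp folder."""
    parts = path.lower().split("\\")
    return any(part in TEMP_DIRS for part in parts[:-1])


def userinit_extras(body):
    """Programs listed in an F2 UserInit value besides system32\\userinit.exe."""
    _, found, value = body.partition("UserInit=")
    if not found:
        return []
    entries = [entry.strip() for entry in value.split(",") if entry.strip()]
    return [e for e in entries if not e.lower().endswith("\\system32\\userinit.exe")]


def flag_autostarts(log_text):
    """Return (section, reason, path) for each suspicious autostart entry."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw)
        if not match:
            continue
        section, body = match.groups()
        if section == "F2":
            # Anything chained after userinit.exe runs at every logon.
            for extra in userinit_extras(body):
                findings.append((section, "extra program chained to UserInit",
                                 image_path(extra)))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run and in_temp_dir(image_path(run.group(3))):
                reason = "Run value '%s' starts a program from a temp folder" % run.group(2)
                findings.append((section, reason, image_path(run.group(3))))
    return findings


if __name__ == "__main__":
    for section, reason, path in flag_autostarts(SAMPLE_LOG):
        print(section, "|", reason, "|", path)
```
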


                            • #15
                              trojan

                              I tried to do what you asked but I don't see the 04 line in the HijackThis log to remove it

                              here is the log
                              Logfile of Trend Micro HijackThis v2.0.0 (BETA)
                              Scan saved at 16:27:40, on 3/04/2008
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                              C:\Program Files\Alwil Software\Avast4\ashServ.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
                              D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
                              C:\WINDOWS\system32\inetsrv\inetinfo.exe
                              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                              C:\WINDOWS\System32\snmp.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                              C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                              C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                              C:\WINDOWS\system32\LVCOMSX.EXE
                              C:\Program Files\Support.com\bin\tgcmd.exe
                              D:\program files hans\QuickTime\QTTask.exe
                              C:\Program Files\iTunes\iTunesHelper.exe
                              C:\Program Files\Babylon\Babylon.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              D:\program files hans\KeePass Password Safe\KeePass.exe
                              D:\program files hans\PrintScreen\PrintScreen.exe
                              C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                              D:\program files hans\MSGTAG\MSGTAG.exe
                              C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                              D:\program files hans\birthday\Birthday.exe
                              D:\program files hans\PopTray 3.03\PopTray.exe
                              C:\Program Files\iPod\bin\iPodService.exe
                              C:\Program Files\Mozilla Firefox\firefox.exe
                              D:\program files hans\Hijack This\HiJackThis_v2.exe

                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
                              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;localhost
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe
                              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                              O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
                              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                              O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                              O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
                              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
                              O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
                              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                              O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
                              O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
                              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
                              O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
                              O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
                              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                              O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                              O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                              O4 - Startup: Birthday.lnk = D:\program files hans\birthday\Birthday.exe
                              O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
                              O4 - Global Startup: AutorunsDisabled
                              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
                              O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
                              O15 - Trusted Zone: http://public.service.citroen.com
                              O15 - Trusted Zone: http://service.citroen.com
                              O15 - Trusted Zone: http://estim.citroen.inetpsa.com
                              O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
                              O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
                              O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
                              O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
                              O15 - Trusted Zone: http://service.citroen.inetpsa.com
                              O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
                              O15 - Trusted Zone: http://public.servicebox.peugeot.com
                              O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
                              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
                              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
                              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
                              O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
                              O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
                              O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
                              O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                              O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
                              O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
                              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                              O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
                              O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                              O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                              O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                              O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
                              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                              O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

                              --
                              End of file - 11135 bytes
