Windows Live Messenger worm


  • Windows Live Messenger worm

    Hey everyone,
    I have a really annoying problem.
    My brother was stupid enough to pick up one of those worms through Messenger. It goes like this: now, whenever we sign in to Messenger, we too send a kind of text message with an attachment containing a worm to all our online contacts, without knowing it and without being able to see it. That is how the worm got onto our machine, because my brother opened that attachment.
    It says something like: i found ur pic on hotornot.com, and then with an attachment.
    I ran Spybot and removed all the spyware, and I also ran my antivirus. Here is my HijackThis log from after the scan. Can someone maybe see whether that worm is still on my PC? I don't want to install Messenger until the worm is completely gone.

    Thanks,
    Lollerd

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:49:36, on 23/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
    C:\Programs\D-Tools\daemon.exe
    C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe
    C:\Programs\FarStone\VirtualDrive\VDTask.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Programs\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\szaizg.exe
    C:\games\valve\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Programs\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ig?hl=nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/mypcchoice
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programs\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [GiGiSrv] C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programs\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [RAMDrive] "C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe"
    O4 - HKLM\..\Run: [VirtualDrive] "C:\Programs\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programs\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [szaizg] C:\WINDOWS\system32\szaizg.exe
    O4 - HKCU\..\Run: [Steam] "c:\games\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189631052477
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196890534828
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jonnyd004.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206270835_fe2d75fbf13ed8d261f4ecbbab91f31c&GroupName=JSC&BHost=javadl.sun.com&File Path=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F0B7ED12-D7C8-4DA0-880B-C17FD67E3443}: NameServer = 195.238.2.21 195.238.2.22
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programs\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CommServer (jawocaa3ofluiopk) - Unknown owner - C:\WINDOWS\system32\iazadd.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programs\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Advanced Networking Service (zd90oe9ouzg) - Unknown owner - C:\WINDOWS\system32\szaizg.exe

    --
    End of file - 16059 bytes
    Last edited by Lollerd; 23-04-08, 20:05.

  • #2
    Uninstall the version of Messenger you are using.

    Close all open windows.
    Start HijackThis once more and tick the following items:

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O23 - Service: CommServer (jawocaa3ofluiopk) - Unknown owner - C:\WINDOWS\system32\iazadd.exe
    O23 - Service: Advanced Networking Service (zd90oe9ouzg) - Unknown owner - C:\WINDOWS\system32\szaizg.exe


    Then click "Fix checked" and close HijackThis.

    Restart the computer.

    Start HijackThis again, create a new log and post it.

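Added example, not part of the original thread and not HijackThis's own logic: a Python sketch that reads HijackThis log text, picks out O23 services registered to "Unknown owner" whose binary sits directly in system32, lists every other section where the same binary appears, and checks a follow-up log to see which of them are still referenced. The triage rule is an assumption; it matches the two service entries ticked in post #2 but not the Alcmtr entry. The function names are hypothetical, and the sample lines are excerpts from the logs posted in this thread.

```python
import re
from ntpath import dirname  # Windows path rules, works on any OS

# Lines excerpted from the first log in this thread (before "Fix checked").
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\szaizg.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [szaizg] C:\WINDOWS\system32\szaizg.exe
O23 - Service: CommServer (jawocaa3ofluiopk) - Unknown owner - C:\WINDOWS\system32\iazadd.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Advanced Networking Service (zd90oe9ouzg) - Unknown owner - C:\WINDOWS\system32\szaizg.exe
"""

# Lines excerpted from the follow-up log in post #3, as far as it is shown on this page.
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\szaizg.exe

O4 - HKLM\..\Run: [szaizg] C:\WINDOWS\system32\szaizg.exe
O23 - Service: CommServer (jawocaa3ofluiopk) - Unknown owner - C:\WINDOWS\system32\iazadd.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
"""

# "O23 - Service: <display name> - <owner> - <binary path>"
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>[^-]+?) - (?P<path>[A-Za-z]:\\.+)$"
)
SYSTEM32 = r"c:\windows\system32"


def parse_services(log):
    """Return one dict per O23 service line: display name, owner, binary path."""
    services = []
    for line in log.splitlines():
        match = SERVICE_RE.match(line.strip())
        if match:
            services.append(match.groupdict())
    return services


def suspicious_services(log):
    """Assumed triage rule: owner is 'Unknown owner' AND the binary lies
    directly in system32. Returns lower-cased paths in log order."""
    return [
        svc["path"].lower()
        for svc in parse_services(log)
        if svc["owner"] == "Unknown owner"
        and dirname(svc["path"]).lower() == SYSTEM32
    ]


def section_of(line):
    """Map a log line to its HijackThis section code, or 'process'."""
    match = re.match(r"([OR]\d+) - ", line)
    if match:
        return match.group(1)
    if re.match(r"[A-Za-z]:\\", line):
        return "process"  # bare path under "Running processes:"
    return None


def where_referenced(log, path):
    """Sorted list of sections in which the given binary path appears."""
    needle = path.lower()
    found = set()
    for line in log.splitlines():
        line = line.strip()
        label = section_of(line)
        if label and needle in line.lower():
            found.add(label)
    return sorted(found)


def persisting(before, after):
    """Binaries flagged in the first log that the follow-up log still references."""
    result = {}
    for path in suspicious_services(before):
        sections = where_referenced(after, path)
        if sections:
            result[path] = sections
    return result


if __name__ == "__main__":
    for path in suspicious_services(LOG_BEFORE):
        print(path, "referenced in", where_referenced(LOG_BEFORE, path))
    print("still present after fix:", persisting(LOG_BEFORE, LOG_AFTER))
```
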


    • #3
      Here is my log, but I did not remove Windows Messenger, because that is the standard messenger that comes with Windows. The other messenger I use, Windows Live Messenger, is already gone:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:27:42, on 23/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\system32\hphmon06.exe
      C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
      C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
      C:\Programs\D-Tools\daemon.exe
      C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe
      C:\Programs\FarStone\VirtualDrive\VDTask.exe
      C:\Program Files\McAfee.com\VSO\mcvsshld.exe
      c:\progra~1\mcafee.com\vso\mcvsescn.exe
      C:\Program Files\McAfee.com\VSO\oasclnt.exe
      c:\program files\mcafee.com\agent\mcagent.exe
      C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
      C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
      C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\HP\KBD\KBD.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\ALCWZRD.EXE
      C:\Program Files\QuickTime\QTTask.exe
      C:\Programs\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\szaizg.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
      c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Programs\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ig?hl=nl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/mypcchoice
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programs\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
      O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
      O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
      O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
      O4 - HKLM\..\Run: [GiGiSrv] C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programs\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [RAMDrive] "C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe"
      O4 - HKLM\..\Run: [VirtualDrive] "C:\Programs\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
      O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
      O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Programs\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [szaizg] C:\WINDOWS\system32\szaizg.exe
      O4 - HKCU\..\Run: [Steam] "c:\games\valve\steam\steam.exe" -silent
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
      O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
      O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189631052477
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
      O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196890534828
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jonnyd004.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206270835_fe2d75fbf13ed8d261f4ecbbab91f31c&GroupName=JSC&BHost=javadl.sun.com&File Path=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F0B7ED12-D7C8-4DA0-880B-C17FD67E3443}: NameServer = 195.238.2.21 195.238.2.22
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programs\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: CommServer (jawocaa3ofluiopk) - Unknown owner - C:\WINDOWS\system32\iazadd.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programs\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
      O23 - Service: Advanced Networking Service (zd90oe9ouzg) - Unknown owner - C:\WINDOWS\system32\szaizg.exe

      --
      End of file - 16001 bytes

      Do you think it's already safe to reinstall Messenger, or do I still need to do something?
      Btw, thanks for your help



      • #4
        Hold off on a new installation until the infection is gone.

        Open a Notepad file.
        Copy the code below into this Notepad file.
        Go to File - Save As.
        For "Save in", choose: Desktop
        For "File name", enter: fix.bat
        For "Save as type", select: All Files (*.*).
        Click the Save button.
        Code:
        REM Stop and delete the two "Unknown owner" services listed in the O23 section of the log
        SC STOP zd90oe9ouzg
        SC DELETE zd90oe9ouzg
        SC STOP jawocaa3ofluiopk
        SC DELETE jawocaa3ofluiopk
        Double-click fix.bat.


        Close all open windows.
        Start HijackThis once more and tick the following items:

        O4 - HKLM\..\Run: [szaizg] C:\WINDOWS\system32\szaizg.exe

        Then click "Fix checked" and close HijackThis.

        If you get a notification from TeaTimer, allow it.

        Restart the computer.


        Start HijackThis again, create a new log and post it.

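A cross-check that fits the cleanup step above, as an added example that is not part of the original post: it parses the O23 service lines of a HijackThis log, flags "Unknown owner" services whose binary sits directly in system32, and verifies that every SC DELETE target in a cleanup batch file exactly matches a service key name from the log. The triage rule, the function names and the batch file with one name missing its first letter are assumptions made for the illustration; the O23 lines are copied from the log in this thread.

```python
import ntpath
import re

# Layout of an O23 line in a HijackThis v2 log:
#   O23 - Service: <display name> (<key name>) - <owner> - <image path>
# "(<key name>)" is left out when the key name equals the display name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
KEY_RE = re.compile(r"^(?P<display>.*) \((?P<key>[^()]+)\)$")
SC_RE = re.compile(r"^\s*SC\s+(?P<verb>STOP|DELETE)\s+(?P<target>\S+)", re.IGNORECASE)

# O23 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CommServer (jawocaa3ofluiopk) - Unknown owner - C:\WINDOWS\system32\iazadd.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Advanced Networking Service (zd90oe9ouzg) - Unknown owner - C:\WINDOWS\system32\szaizg.exe
"""

# Constructed batch file: the second service name is missing its first letter.
SAMPLE_BATCH = """
SC STOP zd90oe9ouzg
SC DELETE zd90oe9ouzg
SC STOP awocaa3ofluiopk
SC DELETE awocaa3ofluiopk
"""


def parse_o23(log_text):
    """Return one dict per O23 line: display name, key name, owner, path."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        k = KEY_RE.match(name)
        display, key = (k.group("display"), k.group("key")) if k else (name, name)
        services.append(
            {"display": display, "key": key,
             "owner": m.group("owner"), "path": m.group("path")}
        )
    return services


def is_suspicious(svc):
    """Triage hint (assumption): no owner string and binary directly in system32."""
    directory = ntpath.dirname(svc["path"]).lower()
    return svc["owner"] == "Unknown owner" and directory.endswith("\\system32")


def sc_delete_targets(batch_text):
    """Collect the service names that the batch file passes to SC DELETE."""
    targets = []
    for line in batch_text.splitlines():
        m = SC_RE.match(line)
        if m and m.group("verb").upper() == "DELETE":
            targets.append(m.group("target"))
    return targets


def cross_check(log_text, batch_text):
    """Return (targets matching no service in the log, flagged services not targeted)."""
    services = parse_o23(log_text)
    known_keys = {s["key"].lower() for s in services}  # service names are case-insensitive
    targets = sc_delete_targets(batch_text)
    unmatched = [t for t in targets if t.lower() not in known_keys]
    targeted = {t.lower() for t in targets}
    untouched = [s["key"] for s in services
                 if is_suspicious(s) and s["key"].lower() not in targeted]
    return unmatched, untouched


if __name__ == "__main__":
    unmatched, untouched = cross_check(SAMPLE_LOG, SAMPLE_BATCH)
    for name in unmatched:
        print("SC DELETE target not present in log:", name)
    for name in untouched:
        print("Flagged service not covered by the batch file:", name)
```

A name reported as unmatched means SC would fail for it and the corresponding service would still appear in the next log.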


        • #5
          Here is my latest log:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 21:07:45, on 23/04/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\windows\system\hpsysdrv.exe
          C:\WINDOWS\system32\hphmon06.exe
          C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
          C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
          C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
          C:\Programs\D-Tools\daemon.exe
          C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe
          C:\Programs\FarStone\VirtualDrive\VDTask.exe
          C:\Program Files\McAfee.com\VSO\mcvsshld.exe
          C:\Program Files\McAfee.com\VSO\oasclnt.exe
          c:\progra~1\mcafee.com\vso\mcvsescn.exe
          c:\program files\mcafee.com\agent\mcagent.exe
          C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
          C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
          C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\HP\KBD\KBD.EXE
          C:\WINDOWS\SOUNDMAN.EXE
          C:\WINDOWS\ALCWZRD.EXE
          C:\Program Files\QuickTime\QTTask.exe
          C:\Programs\iTunes\iTunesHelper.exe
          C:\games\valve\steam\steam.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Windows Media Player\WMPNSCFG.exe
          C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
          c:\Program Files\Common Files\LightScribe\LSSrvc.exe
          c:\program files\mcafee.com\agent\mcdetect.exe
          c:\PROGRA~1\mcafee.com\vso\mcshield.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
          c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Programs\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ig?hl=nl
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/mypcchoice
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programs\Microsoft Office\Office12\GrooveShellExtensions.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
          O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
          O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
          O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
          O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
          O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
          O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
          O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
          O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
          O4 - HKLM\..\Run: [GiGiSrv] C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
          O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programs\D-Tools\daemon.exe" -lang 1033
          O4 - HKLM\..\Run: [RAMDrive] "C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe"
          O4 - HKLM\..\Run: [VirtualDrive] "C:\Programs\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
          O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
          O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
          O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
          O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
          O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
          O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
          O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
          O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe"
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
          O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Programs\iTunes\iTunesHelper.exe"
          O4 - HKCU\..\Run: [Steam] "c:\games\valve\steam\steam.exe" -silent
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
          O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
          O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
          O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
          O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
          O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
          O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189631052477
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
          O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196890534828
          O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
          O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
          O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jonnyd004.spaces.live.com/PhotoUpload/MsnPUpld.cab
          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206270835_fe2d75fbf13ed8d261f4ecbbab91f31c&GroupName=JSC&BHost=javadl.sun.com&File Path=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{F0B7ED12-D7C8-4DA0-880B-C17FD67E3443}: NameServer = 195.238.2.21 195.238.2.22
          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programs\Microsoft Office\Office12\GrooveSystemServices.dll
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
          O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: CommServer (jawocaa3ofluiopk) - Unknown owner - C:\WINDOWS\system32\iazadd.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
          O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
          O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
          O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
          O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programs\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe

          --
          End of file - 15799 bytes

          One more question: in my HijackThis log there is a file that has to do with my Messenger (Windows Live Messenger). May I remove it, just to be safe?



          • #6
            That key can be removed if you like.

            Run an online scan with the ESET Online Scanner.
            Tick: YES, I accept the Terms Of Use.
            Click the Start button.
            Then click the Install button.
            Click Start.

            The scanner will now initialize and update.
            Do NOT tick Remove found threats, unless you are asked to.
            Click the Scan button.

            Wait patiently until the scan has finished; this can take a while.
            When the scan is done, click the Details tab.
            Copy and paste the contents of this window into your next post.
            (You can also find this as C:\Program Files\EsetOnlineScanner\log.txt)



            • #7
              My scan is finally done, here are the results:

              probably a variant of Win32/Agent trojan
              C:\Documents and Settings\HP_Eigenaar\Bureaublad\Jonny's Documents\Jon\wormsworldpartysp1nocdpatchmorglum.zip>>ZIP>>wwp-patch.exe

              probably a variant of Win32/Agent trojan
              C:\Documents and Settings\HP_Eigenaar\Bureaublad\Jonny's Documents\Jon\wormsworldpartysp1nocdpatchmorglum.zip

              That is all it said



              • #8
                Here is the text from the log:

                # version=4
                # OnlineScanner.ocx=1.0.0.635
                # OnlineScannerDLLA.dll=1, 0, 0, 79
                # OnlineScannerDLLW.dll=1, 0, 0, 78
                # OnlineScannerUninstaller.exe=1, 0, 0, 49
                # vers_standard_module=3050 (20080423)
                # vers_arch_module=1.064 (20080214)
                # vers_adv_heur_module=1.064 (20070717)
                # EOSSerial=c252143fa3fb52498ebac61719c1fceb
                # end=finished
                # remove_checked=false
                # unwanted_checked=true
                # utc_time=2008-04-23 11:07:20
                # local_time=2008-04-24 01:07:20 (+0100, Romance (standaardtijd))
                # country="Belgium"
                # osver=5.1.2600 NT Service Pack 2
                # scanned=790733
                # found=2
                # scan_time=11575
                C:\Documents and Settings\HP_Eigenaar\Bureaublad\Jonny's Documents\Jon\wormsworldpartysp1nocdpatchmorglum.zip probably a variant of Win32/Agent trojan 174636500B16940A32F13519B90E8D1F
                C:\Documents and Settings\HP_Eigenaar\Bureaublad\Jonny's Documents\Jon\wormsworldpartysp1nocdpatchmorglum.zip »ZIP »wwp-patch.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000



                • #9
                  Open a Notepad file.
                  Copy the text below (everything in bold) into this Notepad file.

                  @ECHO OFF
                  REM Delete the archive flagged by the ESET scan and record the result in log.txt
                  IF EXIST log.txt DEL log.txt
                  ECHO Deleting files>>log.txt
                  FOR %%g in (
                  "C:\Documents and Settings\HP_Eigenaar\Bureaublad\Jonny's Documents\Jon\wormsworldpartysp1nocdpatchmorglum.zip") DO (
                  IF EXIST %%g (
                  ATTRIB -r -s -h %%g
                  DEL %%g
                  IF EXIST %%g (
                  ECHO %%g not deleted>>log.txt
                  ) ELSE (
                  ECHO %%g deleted successfully>>log.txt)
                  ) ELSE (
                  ECHO %%g not found>>log.txt))
                  START NOTEPAD.EXE log.txt

                  Go to File - Save As.
                  For "Save in", choose: Desktop
                  For "File name", enter: del.bat
                  For "Save as type", select: All Files (*.*).
                  Click the Save button.

                  Double-click del.bat and post the contents of the log file that opens.



                  • #10
                    Here is what it said:

                    Deleting files
                    "C:\Documents and Settings\HP_Eigenaar\Bureaublad\Jonny's Documents\Jon\wormsworldpartysp1nocdpatchmorglum.zip" deleted successfully

                    Do I need to do anything else, or may I reinstall Messenger?



                    • #11
                      Go ahead and install Messenger.
                      Then restart the computer and create a new HijackThis log.
                      Also report whether there are still any problems.



                      • #12
                        Here is my HijackThis log:

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 20:00:46, on 24/04/2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\SYSTEM32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        C:\Program Files\Bonjour\mDNSResponder.exe
                        C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\System32\svchost.exe
                        C:\windows\system\hpsysdrv.exe
                        C:\WINDOWS\system32\hphmon06.exe
                        C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
                        C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
                        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                        C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
                        C:\Programs\D-Tools\daemon.exe
                        C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe
                        C:\Programs\FarStone\VirtualDrive\VDTask.exe
                        C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                        C:\Program Files\McAfee.com\VSO\oasclnt.exe
                        c:\progra~1\mcafee.com\vso\mcvsescn.exe
                        c:\program files\mcafee.com\agent\mcagent.exe
                        C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                        C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe
                        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
                        C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe
                        C:\WINDOWS\system32\RUNDLL32.EXE
                        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                        C:\HP\KBD\KBD.EXE
                        C:\WINDOWS\SOUNDMAN.EXE
                        C:\WINDOWS\ALCWZRD.EXE
                        C:\Program Files\QuickTime\QTTask.exe
                        C:\Programs\iTunes\iTunesHelper.exe
                        C:\WINDOWS\FixCamera.exe
                        C:\WINDOWS\vsnpstd3.exe
                        C:\WINDOWS\tsnpstd3.exe
                        C:\WINDOWS\system32\iazadd.exe
                        C:\Program Files\Windows Live\Family Safety\fssui.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        c:\program files\mcafee.com\agent\mcdetect.exe
                        C:\Program Files\Windows Media Player\WMPNSCFG.exe
                        C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
                        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                        c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                        c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                        C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
                        C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
                        C:\WINDOWS\system32\nvsvc32.exe
                        C:\WINDOWS\system32\svchost.exe
                        c:\progra~1\mcafee.com\vso\mcvsftsn.exe
                        C:\Program Files\Messenger\msmsgs.exe
                        C:\Program Files\iPod\bin\iPodService.exe
                        C:\WINDOWS\system32\wscntfy.exe
                        C:\Program Files\Windows Live\Messenger\usnsvc.exe
                        C:\Programs\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ig?hl=nl
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/mypcchoice
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                        O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
                        O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
                        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
                        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programs\Microsoft Office\Office12\GrooveShellExtensions.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                        O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                        O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
                        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
                        O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
                        O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
                        O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
                        O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
                        O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
                        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                        O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
                        O4 - HKLM\..\Run: [GiGiSrv] C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
                        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programs\D-Tools\daemon.exe" -lang 1033
                        O4 - HKLM\..\Run: [RAMDrive] "C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe"
                        O4 - HKLM\..\Run: [VirtualDrive] "C:\Programs\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
                        O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                        O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                        O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                        O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                        O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
                        O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                        O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
                        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe"
                        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                        O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
                        O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                        O4 - HKLM\..\Run: [iTunesHelper] "C:\Programs\iTunes\iTunesHelper.exe"
                        O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
                        O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
                        O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
                        O4 - HKLM\..\Run: [iazadd] C:\WINDOWS\system32\iazadd.exe
                        O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
                        O4 - HKLM\..\RunServices: [iazadd] C:\WINDOWS\system32\iazadd.exe
                        O4 - HKCU\..\Run: [Steam] "c:\games\valve\steam\steam.exe" -silent
                        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
                        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
                        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                        O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
                        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                        O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                        O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                        O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                        O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
                        O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
                        O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
                        O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
                        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\Office12\REFIEBAR.DLL
                        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
                        O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                        O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                        O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
                        O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
                        O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                        O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
                        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189631052477
                        O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
                        O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
                        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196890534828
                        O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                        O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
                        O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jonnyd004.spaces.live.com/PhotoUpload/MsnPUpld.cab
                        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206270835_fe2d75fbf13ed8d261f4ecbbab91f31c&GroupName=JSC&BHost=javadl.sun.com&File Path=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                        O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{F0B7ED12-D7C8-4DA0-880B-C17FD67E3443}: NameServer = 195.238.2.21 195.238.2.22
                        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programs\Microsoft Office\Office12\GrooveSystemServices.dll
                        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                        O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                        O23 - Service: CommServer (jawocaa3ofluiopk) - Unknown owner - C:\WINDOWS\system32\iazadd.exe
                        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                        O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                        O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                        O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                        O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                        O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programs\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
                        O23 - Service: Advanced Networking Service (zd90oe9ouzg) - Unknown owner - C:\WINDOWS\system32\iazadd.exe

                        --
                        End of file - 17909 bytes


                        I no longer have any problems with the worm, really, thanks a lot, marchie.
                        You're a real life saver.
                        Did you perhaps see anything else in my log that I should remove or something?
                        Thanks a lot for your help.



                        • #13
                          What happened?
                          Everything seems to be back again, though.



                          • #14
                            Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
                            Follow the instructions given there. If anything is unclear, just ask.
                            When the tool has finished, a log file (combofix.txt) opens.
                            Post the contents of that file together with a new HijackThis log.



                            • #15
                              Here is the ComboFix log:

                              ComboFix 08-04-22.5 - HP_Eigenaar 2008-04-24 20:49:52.2 - NTFSx86
                              Gestart vanuit: C:\Documents and Settings\HP_Eigenaar\Bureaublad\Jonny's Documents\Zips, installers en rest\ComboFix.exe
                              * Resident AV is active

                              .

                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              ---- Previous Run -------
                              .
                              C:\WINDOWS\Downloaded Program Files\setup.inf
                              C:\WINDOWS\system32\_000006_.tmp.dll
                              C:\WINDOWS\system32\_000007_.tmp.dll
                              C:\WINDOWS\system32\_000008_.tmp.dll
                              C:\WINDOWS\system32\_000011_.tmp.dll
                              C:\WINDOWS\system32\_000012_.tmp.dll

                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))
                              .

                              2008-04-24 19:48 . 2008-04-24 19:48 268 --ah----- C:\sqmdata02.sqm
                              2008-04-24 19:48 . 2008-04-24 19:48 244 --ah----- C:\sqmnoopt02.sqm
                              2008-04-24 19:43 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
                              2008-04-24 19:42 . 2008-04-24 19:42 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\Windows Live Writer
                              2008-04-24 19:35 . 2008-04-24 20:07 <DIR> d-------- C:\Program Files\Windows Live
                              2008-04-23 21:53 . 2008-04-23 21:54 <DIR> d-------- C:\Program Files\EsetOnlineScanner
                              2008-04-23 21:37 . 2008-04-23 21:37 <DIR> d-------- C:\Program Files\Common Files\snpstd3
                              2008-04-23 21:36 . 2008-04-23 21:36 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\InstallShield
                              2008-04-22 23:47 . 2008-04-24 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                              2008-04-22 20:19 . 2008-04-22 20:19 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
                              2008-04-21 23:04 . 2008-04-21 22:38 176,128 --a------ C:\WINDOWS\system32\iazadd.exe
                              2008-04-21 22:42 . 2008-04-21 22:38 176,128 --a------ C:\WINDOWS\system32\caslwowwso.exe
                              2008-04-21 22:41 . 2008-04-21 22:38 176,128 --a------ C:\WINDOWS\system32\szaizg.exe
                              2008-04-12 20:53 . 2008-04-12 21:15 <DIR> d-------- C:\WINDOWS\system32\Adobe
                              2008-04-11 23:32 . 2008-04-11 23:32 <DIR> d-------- C:\Program Files\iPod
                              2008-04-11 23:25 . 2008-04-11 23:25 <DIR> d-------- C:\Program Files\Common Files\Apple
                              2008-04-11 23:16 . 2008-04-24 20:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                              2008-04-11 23:16 . 2008-04-11 23:16 1,409 --a------ C:\WINDOWS\QTFont.for
                              2008-04-10 17:45 . 2008-04-10 17:45 <DIR> d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP
                              2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
                              2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
                              2008-03-26 23:41 . 2008-03-26 23:44 50,918 --a------ C:\WINDOWS\hpdins05.dat
                              2008-03-26 23:41 . 2004-11-18 12:23 0 --------- C:\WINDOWS\hpdmdl01.dat.temp
                              2008-03-26 22:14 . 2008-03-26 22:14 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\Application Data\WinBatch
                              2008-03-26 22:12 . 2008-03-26 22:12 <DIR> d-------- C:\Program Files\Realtek
                              2008-03-26 22:12 . 2005-04-16 23:20 487,424 --------- C:\WINDOWS\RtlExUpd.dll
                              2008-03-26 22:12 . 2004-10-27 16:47 40,960 --------- C:\WINDOWS\system32\ChCfg.exe
                              2008-03-26 10:14 . 2008-03-26 10:14 268 --ah----- C:\sqmdata01.sqm
                              2008-03-26 10:14 . 2008-03-26 10:14 244 --ah----- C:\sqmnoopt01.sqm

                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2008-04-24 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                              2008-04-24 14:42 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\Skype
                              2008-04-24 14:41 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\skypePM
                              2008-04-24 14:28 --------- d-----w C:\Program Files\Apple Software Update
                              2008-04-23 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
                              2008-04-14 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                              2008-04-11 21:39 --------- d-----w C:\Program Files\QuickTime
                              2008-04-11 21:30 --------- d-----w C:\Program Files\Bonjour
                              2008-04-04 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
                              2008-03-27 12:56 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
                              2008-03-26 20:47 --------- d-----w C:\Program Files\InterVideo
                              2008-03-26 20:05 --------- d-----w C:\Program Files\HP
                              2008-03-23 11:13 --------- d-----w C:\Program Files\Java
                              2008-03-23 11:12 --------- d-----w C:\Program Files\Common Files\Java
                              2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                              2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
                              2008-03-11 17:32 --------- d-----w C:\Program Files\Common Files\Adobe
                              2008-03-11 17:18 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
                              2008-03-08 14:33 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
                              2008-03-08 14:23 --------- d-----w C:\Program Files\Google
                              2008-03-08 14:21 --------- d-----w C:\Program Files\Skype
                              2008-03-08 14:21 --------- d-----w C:\Program Files\Common Files\Skype
                              2008-03-08 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
                              2008-03-04 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
                              2008-03-02 19:33 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\Motive
                              2008-03-02 18:34 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\Microsoft Corporation
                              2008-03-02 17:23 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\Desktop Sidebar
                              2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
                              2008-02-29 08:58 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
                              2008-02-29 08:58 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
                              2008-02-24 19:59 --------- d-----w C:\Program Files\HP DeskJet 610C Series
                              2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
                              2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
                              2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
                              2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                              2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
                              2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                              2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
                              2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
                              2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
                              2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
                              2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
                              2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
                              2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
                              2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
                              .

                              ((((((((((((((((((((((((((((( [email protected]_20.38.33.17 )))))))))))))))))))))))))))))))))))))))))
                              .
                              - 2008-04-24 18:16:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                              + 2008-04-24 18:45:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
                              - 2008-04-24 18:23:01 73,084 ----a-w C:\WINDOWS\system32\perfc009.dat
                              + 2008-04-24 18:51:14 73,084 ----a-w C:\WINDOWS\system32\perfc009.dat
                              - 2008-04-24 18:23:01 93,294 ----a-w C:\WINDOWS\system32\perfc013.dat
                              + 2008-04-24 18:51:14 93,294 ----a-w C:\WINDOWS\system32\perfc013.dat
                              - 2008-04-24 18:23:01 446,130 ----a-w C:\WINDOWS\system32\perfh009.dat
                              + 2008-04-24 18:51:14 446,130 ----a-w C:\WINDOWS\system32\perfh009.dat
                              - 2008-04-24 18:23:01 514,222 ----a-w C:\WINDOWS\system32\perfh013.dat
                              + 2008-04-24 18:51:14 514,222 ----a-w C:\WINDOWS\system32\perfh013.dat
                              .
                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              REGEDIT4
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
                              2007-10-17 13:53 57384 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "Steam"="c:\games\valve\steam\steam.exe" [2008-03-31 12:25 1271032]
                              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
                              "Start WingMan Profiler"=""
                              "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
                              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-16 11:25 68856]
                              "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]
                              "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 11:04 52736]
                              "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
                              "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 13:53 49152]
                              "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 13:47 659456]
                              "Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-03-11 19:26 106496]
                              "WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2005-03-11 19:30 192512]
                              "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
                              "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]
                              "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 15:43 233472]
                              "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 18:23 663552]
                              "GiGiSrv"="C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe" [2003-08-01 14:12 45056]
                              "DAEMON Tools-1033"="C:\Programs\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
                              "RAMDrive"="C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe" [2004-09-22 12:46 36864]
                              "VirtualDrive"="C:\Programs\FarStone\VirtualDrive\VDTask.exe" [2004-09-30 18:46 139264]
                              "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18 151552]
                              "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 13:49 163840]
                              "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02 53248]
                              "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
                              "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05 212992]
                              "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-11-09 16:08 110592]
                              "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 17:16 1121792]
                              "GrooveMonitor"="C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
                              "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
                              "SpeedTouch USB Diagnostics"="C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 10:09 4247552]
                              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
                              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
                              "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
                              "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
                              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
                              "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
                              "SoundMan"="SOUNDMAN.EXE" [2005-04-06 19:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
                              "AlcWzrd"="ALCWZRD.EXE" [2005-04-06 19:53 2805248 C:\WINDOWS\alcwzrd.exe]
                              "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 19:50 253952]
                              "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
                              "iTunesHelper"="C:\Programs\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
                              "FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 16:09 20480]
                              "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2007-05-10 13:18 835584]
                              "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-04-21 09:37 270336]
                              "iazadd"="C:\WINDOWS\system32\iazadd.exe" [2008-04-21 22:38 176128]
                              "fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-10-17 13:53 243240]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
                              "iazadd"="C:\WINDOWS\system32\iazadd.exe" [2008-04-21 22:38 176128]

                              C:\Documents and Settings\HP_Eigenaar\Menu Start\Programma's\Opstarten\
                              OneNote 2007 Schermopname en Snel starten.lnk - C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

                              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                              HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                              "AllowLegacyWebView"= 1 (0x1)
                              "AllowUnhashedWebView"= 1 (0x1)

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                              "vidc.ffds"= ffdshow.ax

                              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                              "AntiVirusDisableNotify"=dword:00000001

                              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
                              "DisableMonitoring"=dword:00000001

                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                              "%windir%\\system32\\sessmgr.exe"=
                              "C:\\Games\\EA GAMES\\The Battle for Middle-earth(tm)\\game.dat"=
                              "C:\\Games\\Bethesda Softworks\\Oblivion\\OblivionLauncher.exe"=
                              "C:\\Games\\Valve\\Steam\\SteamApps\\cybercacodemon\\counter-strike\\hl.exe"=
                              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                              "C:\\Games\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
                              "C:\\Games\\Call of Duty\\CoDMP.exe"=
                              "C:\\Games\\Call of Duty\\CoDUOMP.exe"=
                              "C:\\Games\\Valve\\Steam\\SteamApps\\cybercacodemon\\half-life\\hl.exe"=
                              "C:\\Programs\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                              "C:\\Programs\\Microsoft Office\\Office12\\GROOVE.EXE"=
                              "C:\\Programs\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                              "C:\\Games\\Valve\\Steam\\Steam.exe"=
                              "C:\\Program Files\\Messenger\\msmsgs.exe"=
                              "C:\\Games\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
                              "C:\\Games\\Valve\\Steam\\SteamApps\\cybercacodemon\\team fortress 2\\hl2.exe"=
                              "C:\\Games\\Valve\\Steam\\SteamApps\\cybercacodemon\\condition zero\\hl.exe"=
                              "C:\\Games\\Valve\\Steam\\SteamApps\\cybercacodemon\\ricochet\\hl.exe"=
                              "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
                              "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                              "C:\\Programs\\iTunes\\iTunes.exe"=
                              "C:\\Programs\\Skype\\Phone\\Skype.exe"=
                              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                              "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

                              R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
                              R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-10-17 13:53]
                              R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-10-27 15:40]
                              R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 06:37]
                              R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-24 10:35]
                              R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 13:54]
                              S2 jawocaa3ofluiopk;CommServer;C:\WINDOWS\system32\iazadd.exe [2008-04-21 22:38]
                              S2 USBHSB;GeneLink File Transfer Driver;C:\WINDOWS\system32\Drivers\usbhsb.sys [2001-12-17 17:42]
                              S2 zd90oe9ouzg;Advanced Networking Service;C:\WINDOWS\system32\iazadd.exe [2008-04-21 22:38]
                              S3 krdpdre;krdpdre;C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\krdpdre.sys
                              S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 09:55]
                              S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 09:55]
                              S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 09:55]
                              S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 09:55]
                              S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 09:55]
                              S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 09:55]
                              S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 09:55]
                              S3 SQTECH9060;Dual Mode Camera 1300;C:\WINDOWS\system32\DRIVERS\Capt9060.sys [2004-06-21 22:21]

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1edea448-1202-11dd-a86e-0090d0438280}]
                              \Shell\AutoRun\command - M:\autorun.exe

                              .
                              Inhoud van de 'Gedeelde Taken' map
                              "2008-04-24 14:28:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                              "2008-04-24 18:57:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
                              - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
                              .
                              **************************************************************************

                              catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2008-04-24 20:54:08
                              Windows 5.1.2600 Service Pack 2 NTFS

                              scannen van verborgen processen ...

                              scannen van verborgen autostart items ...

                              scannen van verborgen bestanden ...

                              Scan succesvol afgerond
                              verborgen bestanden: 98

                              **************************************************************************
                              .
                              Voltooingstijd: 2008-04-24 21:00:02
                              ComboFix-quarantined-files.txt 2008-04-24 18:59:48

                              Pre-Run: 39,429,402,624 bytes beschikbaar
                              Post-Run: 39,415,414,784 bytes beschikbaar

                              247



                              Here is the HijackThis log:

                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 21:02:16, on 24/04/2008
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              C:\Program Files\Bonjour\mDNSResponder.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\windows\system\hpsysdrv.exe
                              C:\WINDOWS\system32\hphmon06.exe
                              C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
                              C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
                              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                              C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
                              C:\Programs\D-Tools\daemon.exe
                              C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe
                              C:\Programs\FarStone\VirtualDrive\VDTask.exe
                              C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                              C:\Program Files\McAfee.com\VSO\oasclnt.exe
                              c:\progra~1\mcafee.com\vso\mcvsescn.exe
                              C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                              C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe
                              C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
                              C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe
                              C:\WINDOWS\system32\RUNDLL32.EXE
                              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                              C:\HP\KBD\KBD.EXE
                              C:\WINDOWS\SOUNDMAN.EXE
                              C:\WINDOWS\ALCWZRD.EXE
                              C:\Program Files\QuickTime\QTTask.exe
                              C:\Programs\iTunes\iTunesHelper.exe
                              C:\WINDOWS\FixCamera.exe
                              C:\WINDOWS\vsnpstd3.exe
                              C:\WINDOWS\tsnpstd3.exe
                              C:\WINDOWS\system32\iazadd.exe
                              C:\Program Files\Windows Live\Family Safety\fssui.exe
                              c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                              c:\program files\mcafee.com\agent\mcdetect.exe
                              C:\Program Files\Windows Media Player\WMPNSCFG.exe
                              c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                              C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                              c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                              C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
                              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                              C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
                              C:\WINDOWS\system32\nvsvc32.exe
                              C:\WINDOWS\system32\svchost.exe
                              c:\progra~1\mcafee.com\vso\mcvsftsn.exe
                              C:\Program Files\Messenger\msmsgs.exe
                              C:\Program Files\iPod\bin\iPodService.exe
                              C:\WINDOWS\system32\wscntfy.exe
                              C:\WINDOWS\explorer.exe
                              C:\Program Files\internet explorer\iexplore.exe
                              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                              C:\Programs\Trend Micro\HijackThis\HijackThis.exe

                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ig?hl=nl
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/mypcchoice
                              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                              O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                              O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
                              O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
                              O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programs\Microsoft Office\Office12\GrooveShellExtensions.dll
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                              O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                              O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
                              O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
                              O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
                              O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
                              O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
                              O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
                              O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
                              O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                              O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                              O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                              O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
                              O4 - HKLM\..\Run: [GiGiSrv] C:\WINDOWS\Twain_32\GiGiCam\GiGiSrv.exe
                              O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programs\D-Tools\daemon.exe" -lang 1033
                              O4 - HKLM\..\Run: [RAMDrive] "C:\Programs\FarStone\VirtualDrive\VHD\RDTask.exe"
                              O4 - HKLM\..\Run: [VirtualDrive] "C:\Programs\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
                              O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                              O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                              O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                              O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                              O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
                              O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                              O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
                              O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programs\Microsoft Office\Office12\GrooveMonitor.exe"
                              O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                              O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programs\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
                              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                              O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
                              O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                              O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
                              O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                              O4 - HKLM\..\Run: [iTunesHelper] "C:\Programs\iTunes\iTunesHelper.exe"
                              O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
                              O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
                              O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
                              O4 - HKLM\..\Run: [iazadd] C:\WINDOWS\system32\iazadd.exe
                              O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
                              O4 - HKLM\..\RunServices: [iazadd] C:\WINDOWS\system32\iazadd.exe
                              O4 - HKCU\..\Run: [Steam] "c:\games\valve\steam\steam.exe" -silent
                              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
                              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                              O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
                              O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Programs\Microsoft Office\Office12\ONENOTEM.EXE
                              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
                              O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programs\MICROS~1\Office12\ONBttnIE.dll
                              O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
                              O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
                              O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programs\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\Office12\REFIEBAR.DLL
                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                              O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
                              O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
                              O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                              O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                              O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
                              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189631052477
                              O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
                              O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
                              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196890534828
                              O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                              O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
                              O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jonnyd004.spaces.live.com/PhotoUpload/MsnPUpld.cab
                              O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206270835_fe2d75fbf13ed8d261f4ecbbab91f31c&GroupName=JSC&BHost=javadl.sun.com&File Path=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
                              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                              O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
                              O17 - HKLM\System\CCS\Services\Tcpip\..\{F0B7ED12-D7C8-4DA0-880B-C17FD67E3443}: NameServer = 195.238.2.21 195.238.2.22
                              O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programs\Microsoft Office\Office12\GrooveSystemServices.dll
                              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                              O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                              O23 - Service: CommServer (jawocaa3ofluiopk) - Unknown owner - C:\WINDOWS\system32\iazadd.exe
                              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                              O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                              O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                              O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                              O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                              O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
                              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                              O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programs\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
                              O23 - Service: Advanced Networking Service (zd90oe9ouzg) - Unknown owner - C:\WINDOWS\system32\iazadd.exe

                              --
                              End of file - 16532 bytes



                              I'm no longer experiencing any problems, but if you say that everything is back, that's surely not a good sign.
