Mededeling

Collapse
No announcement yet.

spyware

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • spyware

    Hoi,

    mijn pc heeft ineens last van spyware en zichzelf openende reclame
    vensters .
    atf cleaner gebruikt.

    Hieronder de hijjack log

    mvg Tommie

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:07:59, on 15-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [2cabbb15] rundll32.exe "C:\WINDOWS\system32\jqvsalvq.dll",b
    O4 - HKLM\..\Run: [BM2f988889] Rundll32.exe "C:\WINDOWS\system32\joixtgtw.dll",s
    O4 - HKLM\..\RunOnce: [NAVMD25] C:\WINDOWS\UpdtNv28.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.com/webview/IPAWebView.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xxkimsommersxx.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096634090859
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 14119 bytes

  • #2
    Download Malwarebytes' Anti-Malware via hier of hier.

    Dubbelklik mbam-setup.exe om het programma te installeren.
    • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
    • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
    • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
    • Het scannen kan een tijdje duren, dus wees geduldig.
    • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
    • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
    • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
    • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
    • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

    Extra opmerking:
    Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

    Comment


    • #3
      spyware

      beste smeenk,

      hieronder de log van MBAM

      Malwarebytes' Anti-Malware 1.12
      Database versie: 752

      Scan type: Snelle Scan
      Objecten gescand: 41791
      Verstreken tijd: 7 minute(s), 58 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 4
      Registersleutels geïnfecteerd: 27
      Registerwaarden geïnfecteerd: 3
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 3
      Bestanden geïnfecteerd: 46

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\geBQhhGA.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\ojqxdemw.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\tkvdjbli.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\ljJBqqPH.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58cdab48-e96b-4cd1-af32-aeedcfc10e12} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{58cdab48-e96b-4cd1-af32-aeedcfc10e12} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\Interface\{81b7f2df-3427-4704-b441-f74a4de94ce1} (Adware.Rightonadz) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{05dd7301-dfcc-445b-98c4-83c62e4b5124} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{4f133b49-3be1-4d05-b6ef-aa7d43aa242e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{23d94dcf-33df-4a3a-9e2e-ca0e03df6d03} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{f8af8788-fea6-47a1-98b1-f5f92f38af61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{2742920a-eaf3-44a8-bab3-d9e6ed65caad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{6c8ab177-7b09-4f5c-9e6d-82eaa765430c} (Adware.Accoona) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952} (Adware.Accoona) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbqqph (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2cabbb15 (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2f988889 (Trojan.Agent) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqhhga -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqhhga -> Delete on reboot.

      Mappen geïnfecteerd:
      C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\entxeurn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\nruextne.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\geBQhhGA.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\AGhhQBeg.ini (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\AGhhQBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hpjtgjnd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\dnjgtjph.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\irsbnquh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\huqnbsri.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\jqvsalvq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\qvlasvqj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ojqxdemw.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\wmedxqjo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pmabuipv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vpiubamp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\tkvdjbli.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\ilbjdvkt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vcubjedy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ydejbucv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
      C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\joixtgtw.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ssqQhhiF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\geBUMCUk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ddcBqQKE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ddcDwwXp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\qomkjkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\rqRLdExY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\xxyywww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\awtqnkhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\byXQHBrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\byXQHyaY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\byXQIXnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\byXqNGVN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\efcYQjih.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mlJAspnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ssqPgFXN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ljJBqqPH.dll (Trojan.Vundo) -> Delete on reboot.

      hijjack log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:53:47, on 15-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Norton AntiVirus\SAVScan.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Analog Devices\SoundMAX\smax4.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\taskswitch.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\vsnpstd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Common Files\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
      O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [BM2f988889] Rundll32.exe "C:\WINDOWS\system32\joixtgtw.dll",s
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\RunOnce: [NAVMD25] C:\WINDOWS\UpdtNv28.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
      O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.com/webview/IPAWebView.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xxkimsommersxx.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096634090859
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
      O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
      O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
      O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
      O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
      O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

      --
      End of file - 14263 bytes


      mvg Tommie

      Comment


      • #4
        spyware

        Beste smeenk,

        pc opnieuw opgestart , nieuwe hijack log.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 23:02:59, on 15-5-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\Program Files\Norton AntiVirus\SAVScan.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Analog Devices\SoundMAX\smax4.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\taskswitch.exe
        C:\Program Files\Picasa2\PicasaMediaDetector.exe
        C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\vsnpstd.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Common Files\Teleca Shared\Generic.exe
        C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: (no name) - {07521924-0722-41cb-97fa-e2fbaa0218fc} - (no file)
        O2 - BHO: (no name) - {1CCB8CBF-A4FC-4B75-A9CD-EF22FBD108DF} - (no file)
        O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - (no file)
        O2 - BHO: (no name) - {3730C373-B8AB-434D-AF69-6873DEE831E3} - (no file)
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: (no name) - {60B19066-FB78-4CB5-94B1-CB0479CDC264} - (no file)
        O2 - BHO: (no name) - {61992AF7-5F01-4FC4-BD21-DA3EEB3A731B} - (no file)
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {79BEFB33-4705-435C-B9AC-5220EE275AFE} - (no file)
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: (no name) - {9E49C70C-0D09-4A3E-BF88-A3FE70F2342E} - C:\WINDOWS\system32\geBqQJAp.dll (file missing)
        O2 - BHO: {1ec54bc1-23f8-074b-5964-32bc8beeac6a} - {a6caeeb8-cb23-4695-b470-8f321cb45ce1} - C:\WINDOWS\system32\niteuxgo.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
        O2 - BHO: (no name) - {E7C98BAC-82D6-4592-9BAA-01E1161FED26} - C:\WINDOWS\system32\yayvwTmL.dll (file missing)
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
        O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
        O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
        O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
        O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
        O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
        O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl
        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
        O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
        O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.com/webview/IPAWebView.cab
        O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xxkimsommersxx.spaces.live.com//PhotoUpload/MsnPUpld.cab
        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
        O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096634090859
        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
        O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
        O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
        O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
        O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
        O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
        O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

        --
        End of file - 15582 bytes


        MBAM log

        Malwarebytes' Anti-Malware 1.12
        Database versie: 752

        Scan type: Snelle Scan
        Objecten gescand: 41791
        Verstreken tijd: 7 minute(s), 58 second(s)

        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 4
        Registersleutels geïnfecteerd: 27
        Registerwaarden geïnfecteerd: 3
        Registerdata bestanden geïnfecteerd: 2
        Mappen geïnfecteerd: 3
        Bestanden geïnfecteerd: 46

        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Geheugenmodulen geïnfecteerd:
        C:\WINDOWS\system32\geBQhhGA.dll (Trojan.Vundo) -> Unloaded module successfully.
        C:\WINDOWS\system32\ojqxdemw.dll (Trojan.Vundo) -> Unloaded module successfully.
        C:\WINDOWS\system32\tkvdjbli.dll (Trojan.Vundo) -> Unloaded module successfully.
        C:\WINDOWS\system32\ljJBqqPH.dll (Trojan.Vundo) -> Unloaded module successfully.

        Registersleutels geïnfecteerd:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58cdab48-e96b-4cd1-af32-aeedcfc10e12} (Trojan.Vundo) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{58cdab48-e96b-4cd1-af32-aeedcfc10e12} (Trojan.Vundo) -> Delete on reboot.
        HKEY_CLASSES_ROOT\Interface\{81b7f2df-3427-4704-b441-f74a4de94ce1} (Adware.Rightonadz) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{05dd7301-dfcc-445b-98c4-83c62e4b5124} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{4f133b49-3be1-4d05-b6ef-aa7d43aa242e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{23d94dcf-33df-4a3a-9e2e-ca0e03df6d03} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{f8af8788-fea6-47a1-98b1-f5f92f38af61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{2742920a-eaf3-44a8-bab3-d9e6ed65caad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{6c8ab177-7b09-4f5c-9e6d-82eaa765430c} (Adware.Accoona) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952} (Adware.Accoona) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbqqph (Trojan.Vundo) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Registerwaarden geïnfecteerd:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2cabbb15 (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2f988889 (Trojan.Agent) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.

        Registerdata bestanden geïnfecteerd:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqhhga -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqhhga -> Delete on reboot.

        Mappen geïnfecteerd:
        C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

        Bestanden geïnfecteerd:
        C:\WINDOWS\system32\entxeurn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\nruextne.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\geBQhhGA.dll (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\system32\AGhhQBeg.ini (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\system32\AGhhQBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\hpjtgjnd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\dnjgtjph.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\irsbnquh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\huqnbsri.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\jqvsalvq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\qvlasvqj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ojqxdemw.dll (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\system32\wmedxqjo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\pmabuipv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\vpiubamp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\tkvdjbli.dll (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\system32\ilbjdvkt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\vcubjedy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ydejbucv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
        C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
        C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\joixtgtw.dll (Trojan.Agent) -> Delete on reboot.
        C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ssqQhhiF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\geBUMCUk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ddcBqQKE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ddcDwwXp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\qomkjkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\rqRLdExY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\xxyywww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\awtqnkhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\byXQHBrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\byXQHyaY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\byXQIXnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\byXqNGVN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\efcYQjih.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\mlJAspnL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ssqPgFXN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ljJBqqPH.dll (Trojan.Vundo) -> Delete on reboot.


        mvg Tommie

        Comment


        • #5
          Herstart je computer nog eens en post dan een nieuw logje van Hijackthis

          Zou je eventueel een nieuwe scan met MalwareBytes kunnen doen?
          Ik heb de indruk dat het nog niet weg is.
          Last edited by smeenk; 15-05-08, 23:25.

          Comment


          • #6
            spyware

            Smeenk,

            de log van Mbam

            Malwarebytes' Anti-Malware 1.12
            Database versie: 752

            Scan type: Volledige Scan (C:\|)
            Objecten gescand: 171281
            Verstreken tijd: 50 minute(s), 57 second(s)

            Geheugenprocessen geïnfecteerd: 0
            Geheugenmodulen geïnfecteerd: 0
            Registersleutels geïnfecteerd: 1
            Registerwaarden geïnfecteerd: 0
            Registerdata bestanden geïnfecteerd: 0
            Mappen geïnfecteerd: 0
            Bestanden geïnfecteerd: 5

            Geheugenprocessen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Geheugenmodulen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Registersleutels geïnfecteerd:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

            Registerwaarden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Registerdata bestanden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Mappen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Bestanden geïnfecteerd:
            C:\WINDOWS\system32\geBQhhGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\AGhhQBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\AGhhQBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
            C:\System Volume Information\_restore{E5EB3783-A356-4AB3-9A57-842B8D336270}\RP31\A0026662.exe (Adware.Agent) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\ljJBqqPH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


            de log van hijack
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 0:23:44, on 16-5-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
            C:\Program Files\Norton AntiVirus\navapsvc.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\Program Files\Norton AntiVirus\SAVScan.exe
            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\wscntfy.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\Analog Devices\SoundMAX\smax4.exe
            C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
            C:\WINDOWS\system32\taskswitch.exe
            C:\Program Files\Picasa2\PicasaMediaDetector.exe
            C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\vsnpstd.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
            C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\Program Files\Common Files\Teleca Shared\Generic.exe
            C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
            C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
            C:\WINDOWS\system32\NOTEPAD.EXE
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: (no name) - {07521924-0722-41cb-97fa-e2fbaa0218fc} - (no file)
            O2 - BHO: (no name) - {1CCB8CBF-A4FC-4B75-A9CD-EF22FBD108DF} - (no file)
            O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - (no file)
            O2 - BHO: (no name) - {3730C373-B8AB-434D-AF69-6873DEE831E3} - (no file)
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
            O2 - BHO: (no name) - {60B19066-FB78-4CB5-94B1-CB0479CDC264} - (no file)
            O2 - BHO: (no name) - {61992AF7-5F01-4FC4-BD21-DA3EEB3A731B} - (no file)
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: (no name) - {79BEFB33-4705-435C-B9AC-5220EE275AFE} - (no file)
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: (no name) - {9E49C70C-0D09-4A3E-BF88-A3FE70F2342E} - C:\WINDOWS\system32\geBqQJAp.dll (file missing)
            O2 - BHO: {1ec54bc1-23f8-074b-5964-32bc8beeac6a} - {a6caeeb8-cb23-4695-b470-8f321cb45ce1} - C:\WINDOWS\system32\niteuxgo.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
            O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
            O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
            O2 - BHO: (no name) - {E7C98BAC-82D6-4592-9BAA-01E1161FED26} - C:\WINDOWS\system32\yayvwTmL.dll (file missing)
            O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
            O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
            O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
            O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
            O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
            O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
            O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
            O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
            O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
            O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
            O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
            O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
            O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
            O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
            O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl
            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
            O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
            O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
            O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.com/webview/IPAWebView.cab
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xxkimsommersxx.spaces.live.com//PhotoUpload/MsnPUpld.cab
            O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
            O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096634090859
            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
            O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
            O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
            O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
            O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
            O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
            O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
            O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
            O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
            O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
            O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
            O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
            O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
            O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
            O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

            --
            End of file - 15668 bytes

            mvg tommie

            Comment


            • #7
              TeaTimer van Spybot is actief, deze moet uitgeschakeld worden omdat deze wijzigingen met Hijackthis weer ongedaan gaat maken.

              Spybot openen > Modus > Geavanceerde modus > Gereedschap > Resident > TeaTimer uitschakelen > PC Herstarten

              Download het volgende naar je bureaublad:

              Dubbelklik daarna op ResetTeaTimer.bat.
              Dit zal de voorgaande items die je toegelaten hebt of geblokkeerd hebt via teatimer terug resetten.

              Start Hijackthis en vink alleen de volgende regels aan:
              O2 - BHO: (no name) - {07521924-0722-41cb-97fa-e2fbaa0218fc} - (no file)
              O2 - BHO: (no name) - {1CCB8CBF-A4FC-4B75-A9CD-EF22FBD108DF} - (no file)
              O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - (no file)
              O2 - BHO: (no name) - {3730C373-B8AB-434D-AF69-6873DEE831E3} - (no file)
              O2 - BHO: (no name) - {60B19066-FB78-4CB5-94B1-CB0479CDC264} - (no file)
              O2 - BHO: (no name) - {61992AF7-5F01-4FC4-BD21-DA3EEB3A731B} - (no file)
              O2 - BHO: (no name) - {79BEFB33-4705-435C-B9AC-5220EE275AFE} - (no file)
              O2 - BHO: (no name) - {9E49C70C-0D09-4A3E-BF88-A3FE70F2342E} - C:\WINDOWS\system32\geBqQJAp.dll (file missing)
              O2 - BHO: {1ec54bc1-23f8-074b-5964-32bc8beeac6a} - {a6caeeb8-cb23-4695-b470-8f321cb45ce1} - C:\WINDOWS\system32\niteuxgo.dll
              O2 - BHO: (no name) - {E7C98BAC-82D6-4592-9BAA-01E1161FED26} - C:\WINDOWS\system32\yayvwTmL.dll (file missing)
              O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
              O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe

              Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

              Herstart je Computer.

              Post na de herstart een nieuw logje van Hijackthis

              Comment


              • #8
                spyware

                beste Smeenk

                hier de log
                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 7:44:38, on 16-5-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
                C:\Program Files\Norton AntiVirus\navapsvc.exe
                C:\WINDOWS\system32\HPZipm12.exe
                C:\Program Files\Norton AntiVirus\SAVScan.exe
                C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\wscntfy.exe
                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\Analog Devices\SoundMAX\smax4.exe
                C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                C:\WINDOWS\system32\taskswitch.exe
                C:\Program Files\Picasa2\PicasaMediaDetector.exe
                C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                C:\WINDOWS\system32\rundll32.exe
                C:\WINDOWS\vsnpstd.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
                C:\Program Files\Messenger\msmsgs.exe
                C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
                C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
                C:\Program Files\Common Files\Teleca Shared\Generic.exe
                C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
                O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
                O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
                O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
                O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
                O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
                O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
                O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
                O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
                O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl
                O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
                O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} (Ipa Control) - http://www.immdesign.com/webview/IPAWebView.cab
                O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xxkimsommersxx.spaces.live.com//PhotoUpload/MsnPUpld.cab
                O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
                O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096634090859
                O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
                O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
                O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
                O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
                O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
                O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
                O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
                O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
                O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
                O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
                O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

                --
                End of file - 14316 bytes
                mvg Tommie

                Comment


                • #9
                  Doe dit nog maar eens:
                  Download: RVAXO.exe
                  • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
                  • Start de computer in veilige modus.
                  • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
                    Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
                  • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
                  • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
                    Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
                  • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
                  • Post de inhoud van de logfile in je volgende bericht.
                  Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log

                  Comment


                  • #10
                    hoi,

                    ravo.exe staat op het buroblad

                    stom maar hoestart ik op in de veilige modus..

                    mvg Tommie

                    Comment


                    • #11
                      Oorspronkelijk geplaatst door smeenk Bekijk Berichten
                      Start de computer in veilige modus.
                      Dat was dus meteen ook de link: http://users.pandora.be/marcvn/spyware/1378056.htm

                      Comment


                      • #12
                        spyware

                        Beste Smeenk, hier de log

                        ---RVAXO.exe Updated: 2008-05-16---first run---
                        Uninstallers:

                        Files found:
                        C:\WINDOWS\BM2f988889.xml
                        C:\WINDOWS\BM2f988889.txt
                        C:\WINDOWS\system32\LmTwvyay.ini2
                        C:\WINDOWS\system32\pAJQqBeg.ini2
                        C:\WINDOWS\system32\WinUpdating.exe
                        C:\WINDOWS\pskt.ini
                        C:\WINDOWS\wininit.ini
                        C:\WINDOWS\cookies.ini
                        C:\WINDOWS\system32\clkcnt.txt
                        C:\WINDOWS\system32\mcrh.tmp

                        Folders Found:

                        Hosts-file was reset, If you use a custom hosts file please replace it...

                        --------------RVAXO.exe last run---------------
                        Not deleted items:

                        --------------RVAXO.exe finished----------------
                        mvg tommie

                        Comment


                        • #13
                          Oorspronkelijk geplaatst door smeenk Bekijk Berichten
                          Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log

                          Comment


                          • #14
                            spyware

                            Hoi,

                            hier het ontbrekende logje,



                            ======C:\WINDOWS====
                            ----a-w 0 2008-05-17 17:22:20 C:\WINDOWS\0.log
                            --s-a-w 2,048 2008-05-17 17:21:52 C:\WINDOWS\bootstat.dat
                            ----a-w 165 2008-05-10 20:22:28 C:\WINDOWS\cdplayer.ini
                            ----a-w 0 2008-04-16 19:18:54 C:\WINDOWS\mngui.INI
                            ----a-w 4,362 2008-05-17 17:22:22 C:\WINDOWS\ModemLog_Intel(R) 536EP Modem.txt
                            ----a-w 1,998 2008-04-28 17:28:38 C:\WINDOWS\ModemLog_Nokia 6230 Bluetooth.txt
                            ----a-w 3,550 2008-05-13 18:02:30 C:\WINDOWS\ModemLog_Sony Ericsson Device 039 USB WMC Data Modem.txt
                            ----a-w 4,182 2008-05-13 18:02:32 C:\WINDOWS\ModemLog_Sony Ericsson Device 039 USB WMC Modem.txt
                            ----a-w 2,000 2008-04-28 17:28:32 C:\WINDOWS\ModemLog_Standaardmodem via Bluetooth-koppeling #3.txt
                            ----a-w 2,000 2008-04-28 17:28:27 C:\WINDOWS\ModemLog_Standaardmodem via Bluetooth-koppeling #4.txt
                            ----a-w 2,000 2008-04-28 17:28:43 C:\WINDOWS\ModemLog_Standaardmodem via Bluetooth-koppeling.txt
                            ----a-w 1,409 2008-05-17 17:13:12 C:\WINDOWS\QTFont.for
                            ---ha-w 54,156 2008-05-17 17:13:12 C:\WINDOWS\QTFont.qfn
                            ----a-w 32,524 2008-05-17 17:13:59 C:\WINDOWS\SchedLgU.Txt
                            ----a-w 5,558 2008-05-12 20:22:34 C:\WINDOWS\setupapi.log
                            ----a-w 341 2008-05-17 17:21:02 C:\WINDOWS\system.ini
                            --sha-w 8,192 2008-05-16 17:42:59 C:\WINDOWS\Thumbs.db
                            ----a-w 159 2008-05-17 17:22:17 C:\WINDOWS\wiadebug.log
                            ----a-w 49 2008-05-17 17:22:12 C:\WINDOWS\wiaservc.log
                            ----a-w 1,347 2008-05-17 17:21:02 C:\WINDOWS\win.ini
                            ----a-w 2,066,947 2008-05-17 17:21:12 C:\WINDOWS\WindowsUpdate.log
                            ----a-w 1,876 2008-05-17 11:20:39 C:\WINDOWS\wmsetup.log

                            Entries: 22 (19)
                            Directories: 0 Files: 22
                            Bytes: 2,194,863 Blocks: 4,294
                            ======C:\WINDOWS\system32=====
                            --sh--w 1,544,565 2008-05-15 16:06:13 C:\WINDOWS\System32\amtbqufr.ini
                            --sh--w 354 2008-05-13 14:51:37 C:\WINDOWS\System32\boegmgol.ini
                            ----a-w 133,632 2008-05-13 17:18:32 C:\WINDOWS\System32\caxosrxr.dll
                            ----a-w 131,648 2008-05-14 10:51:27 C:\WINDOWS\System32\cofpdmfw.dll
                            ----a-w 3,580 2008-04-16 13:51:11 C:\WINDOWS\System32\d3d9caps.dat
                            ----a-w 131,584 2008-05-13 14:46:00 C:\WINDOWS\System32\dglhjulv.dll
                            ----a-w 125,952 2008-05-13 15:23:47 C:\WINDOWS\System32\dotmglcn.dll
                            ----a-w 125,952 2008-05-13 11:08:07 C:\WINDOWS\System32\eapyhnju.dll
                            ----a-w 133,120 2008-05-12 05:28:24 C:\WINDOWS\System32\ehwwqjpq.dll
                            --sh--w 1,496,612 2008-05-12 20:03:46 C:\WINDOWS\System32\hatqqjrg.ini
                            ----a-w 133,184 2008-05-15 14:57:44 C:\WINDOWS\System32\ikjbvfnu.dll
                            ----a-w 125,952 2008-05-13 14:42:59 C:\WINDOWS\System32\ipyuuolh.dll
                            ----a-w 133,696 2008-05-13 20:20:45 C:\WINDOWS\System32\jdxrhxvb.dll
                            --sh--w 754,322 2008-05-13 15:21:57 C:\WINDOWS\System32\jlpaugbs.ini
                            ------w 126,016 2008-05-15 20:50:49 C:\WINDOWS\System32\joixtgtw.dll
                            ----a-w 123,392 2008-05-13 17:12:32 C:\WINDOWS\System32\joknrscg.dll
                            --sha-w 410,077 2008-05-13 20:00:37 C:\WINDOWS\System32\LmTwvyay.ini
                            --sh--w 1,497,024 2008-05-13 06:46:54 C:\WINDOWS\System32\ocfqlaik.ini
                            ----a-w 124,480 2008-05-14 10:53:59 C:\WINDOWS\System32\odaqjror.dll
                            ------w 116,800 2008-05-15 20:50:48 C:\WINDOWS\System32\ojqxdemw.dll
                            --sh--w 1,496,904 2008-05-12 20:50:36 C:\WINDOWS\System32\okckarmh.ini
                            --sha-w 519,691 2008-05-13 18:29:13 C:\WINDOWS\System32\pAJQqBeg.ini
                            ----a-w 64,108 2008-04-16 18:47:52 C:\WINDOWS\System32\perfc009.dat
                            ----a-w 78,630 2008-04-16 18:47:52 C:\WINDOWS\System32\perfc013.dat
                            ----a-w 415,676 2008-04-16 18:47:52 C:\WINDOWS\System32\perfh009.dat
                            ----a-w 463,552 2008-04-16 18:47:52 C:\WINDOWS\System32\perfh013.dat
                            ----a-w 1,034,222 2008-04-16 18:47:52 C:\WINDOWS\System32\PerfStringBackup.INI
                            ------w 551,672 2008-05-10 20:08:29 C:\WINDOWS\System32\px.dll
                            ------w 531,192 2008-05-10 20:08:29 C:\WINDOWS\System32\pxdrv.dll
                            ------w 72,440 2008-05-10 20:08:35 C:\WINDOWS\System32\pxhpinst.exe
                            ------w 187,128 2008-05-10 20:08:29 C:\WINDOWS\System32\pxmas.dll
                            ------w 379,640 2008-05-10 20:08:29 C:\WINDOWS\System32\pxwave.dll
                            ----a-w 123,456 2008-05-14 06:51:06 C:\WINDOWS\System32\qcjgheff.dll
                            ----a-w 11,319 2008-05-14 11:13:41 C:\WINDOWS\System32\QuickTime.qtp
                            ----a-w 10,707 2008-05-14 11:13:32 C:\WINDOWS\System32\QuickTimeFavorites.qtr
                            ----a-w 126,016 2008-05-15 18:57:48 C:\WINDOWS\System32\qvgcmvek.dll
                            --sh--w 1,496,510 2008-05-12 19:50:50 C:\WINDOWS\System32\qxvmwknl.ini
                            ----a-w 37,888 2008-05-11 10:16:29 C:\WINDOWS\System32\rar.exe
                            ----a-w 131,584 2008-05-13 15:29:53 C:\WINDOWS\System32\rhbshnpt.dll
                            ----a-w 822,165 2008-05-16 05:10:02 C:\WINDOWS\System32\RVAXO.bat
                            ----a-w 123,456 2008-05-13 20:15:14 C:\WINDOWS\System32\sscbtvqo.dll
                            ------w 116,800 2008-05-15 20:50:49 C:\WINDOWS\System32\tkvdjbli.dll
                            --sh--w 1,494,765 2008-05-12 18:54:16 C:\WINDOWS\System32\uexlhcmc.ini
                            ----a-w 126,528 2008-05-14 17:29:27 C:\WINDOWS\System32\usculgva.dll
                            --sh--w 1,524,960 2008-05-13 20:13:44 C:\WINDOWS\System32\vcdauwbp.ini
                            ----a-w 126,016 2008-05-15 16:08:22 C:\WINDOWS\System32\vkeoahle.dll
                            ----a-w 131,648 2008-05-14 10:59:58 C:\WINDOWS\System32\vlulqaep.dll
                            ------w 39,672 2008-05-10 20:08:29 C:\WINDOWS\System32\vxblock.dll
                            --sh--w 1,546,266 2008-05-15 19:01:34 C:\WINDOWS\System32\wmedxqjo.tmp
                            ----a-w 13,692 2008-05-17 17:22:31 C:\WINDOWS\System32\wpa.dbl
                            --sh--w 1,504,992 2008-05-12 16:10:03 C:\WINDOWS\System32\xjhklcyc.ini
                            ----a-w 133,184 2008-05-14 17:32:28 C:\WINDOWS\System32\xrbniliq.dll
                            ----a-w 133,184 2008-05-15 16:11:23 C:\WINDOWS\System32\ybqhplrb.dll
                            ----a-w 125,504 2008-05-15 11:22:00 C:\WINDOWS\System32\ykihtrwx.dll

                            Entries: 54 (41)
                            Directories: 0 Files: 54
                            Bytes: 23,067,109 Blocks: 45,080
                            ======C:\WINDOWS\system32\drivers=====
                            ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
                            ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys
                            ------w 36,624 2008-05-10 20:08:35 C:\WINDOWS\System32\drivers\pxhelp20.sys

                            Entries: 3 (3)
                            Directories: 0 Files: 3
                            Bytes: 79,536 Blocks: 156
                            =======C:\Program Files=====
                            Entries: 0 (0)
                            Directories: 0 Files: 0
                            Bytes: 0 Blocks: 0
                            =======C:=====
                            --sha-w 211 2008-05-17 17:21:02 C:\boot.ini
                            ----a-w 509 2008-05-17 17:18:20 C:\firstrun6.log
                            ----a-w 230,424 2008-05-02 13:08:34 C:\img1-001.raw
                            ----a-w 129,654 2008-04-29 06:24:52 C:\inv_oktodelete.bmp
                            --sha-w 1,608,617,984 2008-05-17 17:21:48 C:\pagefile.sys
                            ----a-w 72 2008-05-17 17:21:53 C:\Pollog.txt
                            ----a-w 1,507,500 2008-05-17 17:21:53 C:\PollSt.txt
                            ----a-w 644 2008-05-17 17:23:29 C:\RVAXO-results.log
                            ----a-w 7,128 2008-05-17 17:23:29 C:\RVAXO-Vfind.log
                            --sha-w 10,752 2008-05-01 20:30:48 C:\Thumbs.db

                            Entries: 10 (7)
                            Directories: 0 Files: 10
                            Bytes: 1,610,504,878 Blocks: 3,145,522
                            ======C:\Documents and Settings\Fons\Application Data======
                            Entries: 0 (0)
                            Directories: 0 Files: 0
                            Bytes: 0 Blocks: 0
                            ======C:\Documents and Settings\Fons======
                            ----a-w 616 2008-05-16 06:32:12 C:\Documents and Settings\Fons\intlname.ols
                            ----a-w 12,058,624 2008-05-17 17:21:11 C:\Documents and Settings\Fons\ntuser.dat
                            ---ha-w 32,768 2008-05-17 17:23:21 C:\Documents and Settings\Fons\ntuser.dat.LOG
                            --sh--w 288 2008-05-17 17:21:11 C:\Documents and Settings\Fons\ntuser.ini

                            Entries: 4 (2)
                            Directories: 0 Files: 4
                            Bytes: 12,092,296 Blocks: 23,619
                            ======C:\WINDOWS\Downloaded Program Files====
                            Entries: 0 (0)
                            Directories: 0 Files: 0
                            Bytes: 0 Blocks: 0
                            =============


                            mvg Tommie

                            Comment


                            • #15
                              Open een kladblokbestand.
                              Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

                              @ECHO OFF
                              IF EXIST log.txt DEL log.txt
                              ECHO Deleting files>>log.txt
                              FOR %%g in (
                              C:\WINDOWS\System32\amtbqufr.ini
                              C:\WINDOWS\System32\boegmgol.ini
                              C:\WINDOWS\System32\caxosrxr.dll
                              C:\WINDOWS\System32\cofpdmfw.dll
                              C:\WINDOWS\System32\dglhjulv.dll
                              C:\WINDOWS\System32\dotmglcn.dll
                              C:\WINDOWS\System32\eapyhnju.dll
                              C:\WINDOWS\System32\ehwwqjpq.dll
                              C:\WINDOWS\System32\hatqqjrg.ini
                              C:\WINDOWS\System32\ikjbvfnu.dll
                              C:\WINDOWS\System32\ipyuuolh.dll
                              C:\WINDOWS\System32\jdxrhxvb.dll
                              C:\WINDOWS\System32\jlpaugbs.ini
                              C:\WINDOWS\System32\joixtgtw.dll
                              C:\WINDOWS\System32\joknrscg.dll
                              C:\WINDOWS\System32\LmTwvyay.ini
                              C:\WINDOWS\System32\ocfqlaik.ini
                              C:\WINDOWS\System32\odaqjror.dll
                              C:\WINDOWS\System32\ojqxdemw.dll
                              C:\WINDOWS\System32\okckarmh.ini
                              C:\WINDOWS\System32\pAJQqBeg.ini
                              C:\WINDOWS\System32\qcjgheff.dll
                              C:\WINDOWS\System32\qvgcmvek.dll
                              C:\WINDOWS\System32\qxvmwknl.ini
                              C:\WINDOWS\System32\rhbshnpt.dll
                              C:\WINDOWS\System32\sscbtvqo.dll
                              C:\WINDOWS\System32\tkvdjbli.dll
                              C:\WINDOWS\System32\uexlhcmc.ini
                              C:\WINDOWS\System32\usculgva.dll
                              C:\WINDOWS\System32\vcdauwbp.ini
                              C:\WINDOWS\System32\vkeoahle.dll
                              C:\WINDOWS\System32\vlulqaep.dll
                              C:\WINDOWS\System32\wmedxqjo.tmp
                              C:\WINDOWS\System32\xjhklcyc.ini
                              C:\WINDOWS\System32\xrbniliq.dll
                              C:\WINDOWS\System32\ybqhplrb.dll
                              C:\WINDOWS\System32\ykihtrwx.dll) DO (
                              DEL /Q %%gNUCIA
                              IF EXIST %%g (
                              ATTRIB -r -s -h %%g
                              DEL %%g
                              REN %%g *NUCIA
                              IF EXIST %%gNUCIA (
                              ECHO renamed to %%gNUCIA>>log.txt)
                              IF EXIST %%g (
                              ECHO %%g not deleted>>log.txt
                              ) ELSE (
                              ECHO %%g deleted>>log.txt)
                              ) ELSE (
                              ECHO %%g not found>>log.txt))
                              START NOTEPAD.EXE log.txt

                              Ga naar Bestand - Opslaan als.
                              Bij "Opslaan in" kies je: Bureaublad
                              Bij "Bestandsnaam" zet je: del.bat
                              Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
                              Klik op de knop Opslaan.

                              Dubbelklik op del.bat en post de inhoud van de logfile die opent.

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X