Mededeling

**Marckie** · 26-05-08, 17:02

Hallo,

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {21D343B1-AFCA-4678-86F1-27020746E93B} - C:\WINDOWS\system32\opnnomjK.dll
O2 - BHO: {84de4482-e3b9-4c7b-1a84-a4ba50a49c16} - {61c94a05-ab4a-48a1-b7c4-9b3e2844ed48} - C:\WINDOWS\system32\jgrhhlnk.dll
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\mlJbYRlk.dll
O4 - HKLM\..\Run: [BM52a6abc8] Rundll32.exe "C:\WINDOWS\system32\tytghrxs.dll",s
O20 - Winlogon Notify: mlJbYRlk - C:\WINDOWS\SYSTEM32\mlJbYRlk.dll

Klik daarna op "Fix checked" en sluit HijackThis af.

Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden
Volg de instructies die daar gegeven worden. Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**adkieb** · 26-05-08, 19:54

Combofix:
ComboFix 08-05-25.5 - Ad van den Kieboom 2008-05-26 18:57:31.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Ad van den Kieboom\Mijn documenten\Nieuwe map\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ad van den Kieboom\Mijn documenten\Nieuwe map\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM52a6abc8.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ddcAsqPj.dll
C:\WINDOWS\system32\Kjmonnpo.ini
C:\WINDOWS\system32\Kjmonnpo.ini2
C:\WINDOWS\system32\mdyvwyim.ini
C:\WINDOWS\system32\mlJbYRlk.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pmnnLCSJ.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))
.

2008-05-25 19:00 . 2008-05-25 19:01 <DIR> d-------- C:\Program Files\Panda Security
2008-05-25 09:49 . 2008-05-25 09:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-21 17:08 . 2008-05-21 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-05-21 17:08 . 2008-05-21 17:08 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-05-21 17:08 . 2008-05-21 17:08 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-21 17:08 . 2008-05-21 17:08 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-21 17:08 . 2008-05-21 17:08 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-21 17:08 . 2008-05-21 17:08 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-05-21 17:08 . 2008-05-21 17:08 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-21 17:08 . 2008-05-21 17:08 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-05-21 17:08 . 2008-05-21 17:08 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-15 10:12 . 2008-05-21 16:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-15 10:12 . 2008-05-15 10:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-10 15:46 . 2008-05-10 15:47 <DIR> d-------- C:\Documents and Settings\Conny\Application Data\gtk-2.0
2008-05-10 15:42 . 2008-05-10 15:55 <DIR> d-------- C:\Documents and Settings\Conny\Application Data\.purple
2008-05-07 21:15 . 2008-05-07 21:57 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\.purple
2008-05-07 21:13 . 2008-05-07 21:14 <DIR> d-------- C:\Program Files\Aspell
2008-05-07 21:12 . 2008-05-07 21:14 <DIR> d-------- C:\Program Files\Pidgin
2008-05-07 21:11 . 2008-05-07 21:11 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-04-30 02:58 . 2008-04-30 02:58 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-29 00:45 . 2004-12-13 16:44 167,936 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-29 00:34 . 2004-08-04 14:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2008-04-29 00:34 . 2004-08-04 14:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-04-29 00:34 . 2004-08-04 14:00 31,488 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-04-29 00:32 . 2004-08-04 14:00 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
2008-04-29 00:32 . 2004-08-04 14:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2008-04-29 00:32 . 2004-08-04 14:00 92,032 --a--c--- C:\WINDOWS\system32\dllcache\mga.dll
2008-04-29 00:32 . 2001-09-06 21:26 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2008-04-29 00:32 . 2001-09-06 21:27 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2008-04-29 00:32 . 2004-08-04 14:00 33,792 --a--c--- C:\WINDOWS\system32\dllcache\lmmib2.dll
2008-04-29 00:32 . 2004-08-04 14:00 23,040 --a--c--- C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-04-29 00:32 . 2004-08-04 14:00 19,456 --a--c--- C:\WINDOWS\system32\dllcache\lprmon.dll
2008-04-29 00:32 . 2004-08-04 14:00 18,432 --a--c--- C:\WINDOWS\system32\dllcache\jupiw.dll
2008-04-29 00:32 . 2004-08-04 14:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2008-04-29 00:30 . 2004-08-04 14:00 332,800 --a--c--- C:\WINDOWS\system32\dllcache\aqueue.dll
2008-04-29 00:29 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-04-29 00:26 . 2004-08-04 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-04-29 00:26 . 2008-04-29 00:26 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-29 00:26 . 2008-04-29 00:26 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-29 00:26 . 2008-04-29 00:26 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-29 00:26 . 2008-04-29 00:26 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-29 00:26 . 2008-04-29 00:26 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-28 23:52 . 2004-08-04 14:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-04-28 23:51 . 2004-08-04 14:00 1,086,058 -ra------ C:\WINDOWS\SETFC.tmp
2008-04-28 23:51 . 2004-08-04 14:00 1,014,139 -ra------ C:\WINDOWS\SETF9.tmp

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 22:04 --------- d-----w C:\Program Files\Total Video Converter
2008-05-25 22:00 --------- d-----w C:\Program Files\Multi Theft Auto
2008-05-25 18:00 --------- d-----w C:\Program Files\DC++
2008-05-08 07:15 --------- d-s---w C:\Program Files\Xfire
2008-05-07 19:58 --------- d-----w C:\Documents and Settings\Chris\Application Data\Xfire
2008-05-06 18:42 --------- d-----w C:\Program Files\DigiLeen
2008-05-04 16:22 --------- d-----w C:\Program Files\TetriNet2
2008-04-29 21:01 --------- d-----w C:\Program Files\Creative
2008-04-29 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-28 20:13 --------- d-----w C:\Program Files\Google
2008-04-12 19:23 --------- d-----w C:\Program Files\Hp
2008-04-11 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 22:45 --------- d-----w C:\Documents and Settings\Ad van den Kieboom\Application Data\Leadertech
2007-03-04 12:59 162 ----a-w C:\Documents and Settings\Rob\Application Data\wklnhst.dat
2006-04-29 17:49 184 ----a-w C:\Documents and Settings\Chris\Application Data\wklnhst.dat
2006-04-27 06:29 435 ----a-w C:\Program Files\mtachat.txt
2006-08-24 14:04 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\MsnChat40nl-nl.dll
2008-01-11 18:21 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-28 18:13 68856]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-13 16:43 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-13 16:38 126976]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 13:20 88363 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 18:38 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-17 15:29 282624]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-08-17 15:57 90112]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-08-16 21:54 339968]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-03-22 12:24 220160]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 16:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 15:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 14:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [2004-08-04 14:00 208896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Spyware Doctor"=""

C:\Documents and Settings\Rob\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

C:\Documents and Settings\Ad van den Kieboom\Menu Start\Programma's\Opstarten\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 16432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Multi Theft Auto\\MTAServer.exe"=
"C:\\Program Files\\Multi Theft Auto\\Server\\MTAServer.exe"=
"C:\\Program Files\\Teamspeak2_RC2_\\server_windows.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\tswebeditor\\tswebeditor.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DigiLeen\\Digileen.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009

R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 20:06]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-08-26 20:41]

.
Inhoud van de 'Gedeelde Taken' map
"2007-08-30 18:48:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-04-11 14:32:00 C:\WINDOWS\Tasks\Eenvoudige Internetaanmelding.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-04-27 23:26:42 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2008-05-26 17:29:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 19:24:13
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Voltooingstijd: 2008-05-26 19:33:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 17:33:33

Pre-Run: 9,645,854,720 bytes beschikbaar
Post-Run: 11,074,805,760 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

229 --- E O F --- 2008-05-24 23:46:38

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:55, on 26-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q305&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30CADB40-6FD7-433F-BF0D-4827CA7B5BDF} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab46783.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152955242109
O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://www2.malmberg.nl/online_lessen/localplayer/recording/yrecording.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://145.32.101.39/activex/AMC.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zazo
O17 - HKLM\Software\..\Telephony: DomainName = zazo
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zazo
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zazo
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = zazo
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 13674 bytes

**Marckie** · 26-05-08, 20:08

Dit ziet er al beter uit.
Zijn er nog problemen?

**adkieb** · 26-05-08, 20:13

Eigenlijk niet, ik heb de indruk dat ie weer goed draait.

Hardstikke bedankt!

**Marckie** · 26-05-08, 20:30

Mooi zo.

Doe dit nog:
Ga naar Start - Uitvoeren en tik in: ComboFix /u
Druk op Enter.

Ga naar Kaspersky Online Scanner en klik onderaan op Accept.
Deze scanner werkt uitsluitend met Internet Explorer 6 en hoger !!
Het zou kunnen dat je aan de bovenkant van je scherm op een gele balk moet klikken om ActiveX bestanden die Kaspersky nodig heeft om te kunnen scannen te downloaden. Sta dit toe.

Het programma begint nu met het downloaden van de laatste definitie files. Hierna klik je op Next.
Klik vervolgens op de toets Scan Settings.
Onder de tekst Scan using the following antivirus database: kies je de tweede mogelijkheid: extended - protect your .....
Onder de tekst Scan options: zet je de twee vinkjes: Scan Archives .... en Scan Mail Bases ....
Klik dan op de toets OK.
Start nu het scannen door op de tekst My Computer te klikken.

Hou er rekening mee dat deze scan een tijdje in beslag neemt.
Eenmaal de scan volledig is krijg je de gelegenheid om het scanrapport op te slaan.
Klik op de toets Save Report As te klikken. Sla het rapport op je Bureaublad op met als naam kavscan.txt

Post dit rapport in je volgende bericht.

**adkieb** · 27-05-08, 21:13

Ik heb de Kaspersky scan uitgevoerd. Bijgaand het opgeslagen bestand

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 27, 2008 9:10:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/05/2008
Kaspersky Anti-Virus database records: 801536
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 116586
Number of viruses found: 5
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 02:49:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Ad van den Kieboom\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Ad van den Kieboom\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Ad van den Kieboom\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Ad van den Kieboom\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc ZIP: infected - 3 skipped
C:\Documents and Settings\Ad van den Kieboom\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Identities\{54DFE95A-1621-4B12-AD67-9DD4CAC88185}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Identities\{54DFE95A-1621-4B12-AD67-9DD4CAC88185}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Identities\{54DFE95A-1621-4B12-AD67-9DD4CAC88185}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Identities\{54DFE95A-1621-4B12-AD67-9DD4CAC88185}\Microsoft\Outlook Express\Postvak IN.dbx Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Geschiedenis\History.IE5\MSHist012008052720080528\index.dat Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temp\Free Download Manager\tic15.tmp Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temp\Free Download Manager\tic16.tmp Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temp\~DF35C9.tmp Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temp\~DFA254.tmp Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ad van den Kieboom\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\c74c6f795ada87022536668c055d2c0e_0cdb5483-b1f5-4371-9e1e-4d2538351b5b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip ZIP: infected - 4 skipped
C:\f3dcb2d3eeddbd7fb59c1d0c\msxml4-KB927978-enu.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Interne bescherming.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\agent.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\BWLocalWebListener.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\FileDL.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000016.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\RG.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\scheddbg.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6DD67A3D-B07F-4376-B7D0-72D7A6198C4E}\RP71\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B2EF198C-55D4-48B1-B61C-DD8D8344BA5D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_65c.dat Object is locked skipped
C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

**adkieb** · 27-05-08, 21:33

Volgens mij start wel mijn Avast OP-toegangscanner niet meer op. Vanuit de console kan ik hem ook niet activeren. Enig idee hoe ik dat kan fixen ?

**Marckie** · 27-05-08, 22:54

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.
@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
"C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip") DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted successfully>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Download ATF cleaner (gemaakt door Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
In het venster "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Gebruik je ook Firefox als browser:
Klik op het tabblad "Firefox" en plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Gebruik je ook Opera als browser:
Klik op het tabblad "Opera" en plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.

Ga naar het menu "Main" en klik op de knop Exit om het programma af te sluiten.

**adkieb** · 28-05-08, 23:12

Bijgaand de inhoud van de logfile :

Deleting files
"C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip" deleted successfully

**adkieb** · 28-05-08, 23:16

En ik heb inmiddels ATF cleaner uitgevoerd

**Marckie** · 28-05-08, 23:16

Zijn er nog problemen adkieb?

**adkieb** · 28-05-08, 23:26

Problemen niet echt. Het enige wat ik nog mis is het Avast balletje in het systeemvak als toegangsscanner. Kijk ik bij systeemvak dan staat ie bij de niet actieve items. Kijk ik bij de windows beveiliging (bij configuratiescherm) dan staat er dat die het gewoon doet. Dus ik weet eigenlijk niet of dat dat een probleem is.

**Marckie** · 29-05-08, 17:32

Geen idee.
Indien je twijfelt kan je Avast deïnstalleren, herstarten en dan opnieuw installeren.

**adkieb** · 29-05-08, 19:31

Ok. In elk geval hardstikke bedankt voor de genomen moeite.

Mededeling

Hoe kom ik van [email protected] af?

Hoe kom ik van [email protected] af?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment