How do I get rid of [email protected]?

  • How do I get rid of [email protected]?

    I am currently having trouble with a virus, [email protected] I keep getting alerts from my virus scanner (Avast) that malware Win32:[email protected] (Trj), a Trojan horse, has been found. It has now reached the point where I can no longer delete these files or move them to the chest.

    I also got alerts from SpywareGuard that a BHO had been added. When I tried to deny it, the alert kept coming back. How do I get rid of this misery?

    Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:23:04, on 25-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q305&bd=pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {21D343B1-AFCA-4678-86F1-27020746E93B} - C:\WINDOWS\system32\opnnomjK.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: {84de4482-e3b9-4c7b-1a84-a4ba50a49c16} - {61c94a05-ab4a-48a1-b7c4-9b3e2844ed48} - C:\WINDOWS\system32\jgrhhlnk.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\mlJbYRlk.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
    O4 - HKLM\..\Run: [BM52a6abc8] Rundll32.exe "C:\WINDOWS\system32\tytghrxs.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30CADB40-6FD7-433F-BF0D-4827CA7B5BDF} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
    O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab46783.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152955242109
    O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://www2.malmberg.nl/online_lessen/localplayer/recording/yrecording.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://145.32.101.39/activex/AMC.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zazo
    O17 - HKLM\Software\..\Telephony: DomainName = zazo
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zazo
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zazo
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = zazo
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: mlJbYRlk - C:\WINDOWS\SYSTEM32\mlJbYRlk.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    --
    End of file - 14356 bytes

  • #2
    Hello,

    Close all open windows.
    Run HijackThis once more and tick the following items:

    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {21D343B1-AFCA-4678-86F1-27020746E93B} - C:\WINDOWS\system32\opnnomjK.dll
    O2 - BHO: {84de4482-e3b9-4c7b-1a84-a4ba50a49c16} - {61c94a05-ab4a-48a1-b7c4-9b3e2844ed48} - C:\WINDOWS\system32\jgrhhlnk.dll
    O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\mlJbYRlk.dll
    O4 - HKLM\..\Run: [BM52a6abc8] Rundll32.exe "C:\WINDOWS\system32\tytghrxs.dll",s
    O20 - Winlogon Notify: mlJbYRlk - C:\WINDOWS\SYSTEM32\mlJbYRlk.dll


    Then click "Fix checked" and close HijackThis.

    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool has finished, a log file opens (combofix.txt).
    Post the contents of this file together with a new HijackThis log.

    Comment
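
Added example, not part of the original posts and not the helper's own method: a small Python triage over lines copied from the HijackThis log in the first post, showing why the entries listed in reply #2 stand out. The four rules (search hook with no file, unnamed or GUID-named BHO directly in system32, Run value that starts a DLL through rundll32, Winlogon Notify DLL that repeats an already flagged DLL) are assumptions chosen for illustration; a hit is a reason to look closer, not a verdict.

```python
import ntpath
import re

# Subset of the HijackThis log from the first post, copied unchanged.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {21D343B1-AFCA-4678-86F1-27020746E93B} - C:\WINDOWS\system32\opnnomjK.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {84de4482-e3b9-4c7b-1a84-a4ba50a49c16} - {61c94a05-ab4a-48a1-b7c4-9b3e2844ed48} - C:\WINDOWS\system32\jgrhhlnk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\mlJbYRlk.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BM52a6abc8] Rundll32.exe "C:\WINDOWS\system32\tytghrxs.dll",s
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: mlJbYRlk - C:\WINDOWS\SYSTEM32\mlJbYRlk.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..."; process paths do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_TEXT = r"\{[0-9A-Fa-f-]{36}\}"
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>" + GUID_TEXT + r") - (?P<path>.+)$")
GUID = re.compile(r"^" + GUID_TEXT + r"$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
NOTIFY = re.compile(r"^Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")
SYSTEM32 = ntpath.normcase(r"C:\WINDOWS\system32")


def parse(log_text):
    """Return (code, body) for every registry/autostart entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def in_system32(path):
    """True when the file sits directly in system32 (case-insensitive)."""
    return ntpath.normcase(ntpath.dirname(path)) == SYSTEM32


def triage(entries):
    """Apply the illustrative rules; return (code, body, reason) tuples."""
    findings = []
    flagged_dlls = set()  # normalised DLL paths flagged in pass 1

    # Pass 1: rules that look at a single entry.
    for code, body in entries:
        reason = None
        if code == "R3" and body.startswith("URLSearchHook:") and body.endswith("(no file)"):
            reason = "search hook registered with no file behind it"
        elif code == "O2":
            m = BHO.match(body)
            anonymous = m and (m["name"] == "(no name)" or GUID.match(m["name"]))
            if m and anonymous and in_system32(m["path"]):
                reason = "BHO without a product name, loaded directly from system32"
                flagged_dlls.add(ntpath.normcase(m["path"]))
        elif code == "O4":
            m = RUNDLL.search(body)
            if m:
                reason = "Run value starts a DLL through rundll32"
                flagged_dlls.add(ntpath.normcase(m["dll"]))
        if reason:
            findings.append((code, body, reason))

    # Pass 2: a Winlogon Notify DLL that is also one of the flagged DLLs
    # has a second load point, so removing only one entry would not be enough.
    for code, body in entries:
        if code == "O20":
            m = NOTIFY.match(body)
            if m and ntpath.normcase(m["path"]) in flagged_dlls:
                findings.append((code, body, "Winlogon Notify reuses a flagged DLL"))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(parse(SAMPLE_LOG)):
        print(f"{code:4} {reason}\n     {body}")
```

The second pass compares normalised paths because the same DLL appears as `system32` in the O2 line and as `SYSTEM32` in the O20 line.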


    • #3
      Combofix:
      ComboFix 08-05-25.5 - Ad van den Kieboom 2008-05-26 18:57:31.1 - NTFSx86
      Gestart vanuit: C:\Documents and Settings\Ad van den Kieboom\Mijn documenten\Nieuwe map\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Ad van den Kieboom\Mijn documenten\Nieuwe map\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\BM52a6abc8.xml
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\Downloaded Program Files\setup.inf
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\ddcAsqPj.dll
      C:\WINDOWS\system32\Kjmonnpo.ini
      C:\WINDOWS\system32\Kjmonnpo.ini2
      C:\WINDOWS\system32\mdyvwyim.ini
      C:\WINDOWS\system32\mlJbYRlk.dll
      C:\WINDOWS\system32\MSINET.oca
      C:\WINDOWS\system32\pmnnLCSJ.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))
      .

      2008-05-25 19:00 . 2008-05-25 19:01 <DIR> d-------- C:\Program Files\Panda Security
      2008-05-25 09:49 . 2008-05-25 09:49 <DIR> d-------- C:\Program Files\Trend Micro
      2008-05-21 17:08 . 2008-05-21 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
      2008-05-21 17:08 . 2008-05-21 17:08 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
      2008-05-21 17:08 . 2008-05-21 17:08 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
      2008-05-21 17:08 . 2008-05-21 17:08 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
      2008-05-21 17:08 . 2008-05-21 17:08 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
      2008-05-21 17:08 . 2008-05-21 17:08 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
      2008-05-21 17:08 . 2008-05-21 17:08 205 --a------ C:\WINDOWS\system32\lsprst7.dll
      2008-05-21 17:08 . 2008-05-21 17:08 87 --a------ C:\WINDOWS\system32\ssprs.tgz
      2008-05-21 17:08 . 2008-05-21 17:08 73 --a------ C:\WINDOWS\system32\ssprs.dll
      2008-05-15 10:12 . 2008-05-21 16:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-05-15 10:12 . 2008-05-15 10:12 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-05-10 15:46 . 2008-05-10 15:47 <DIR> d-------- C:\Documents and Settings\Conny\Application Data\gtk-2.0
      2008-05-10 15:42 . 2008-05-10 15:55 <DIR> d-------- C:\Documents and Settings\Conny\Application Data\.purple
      2008-05-07 21:15 . 2008-05-07 21:57 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\.purple
      2008-05-07 21:13 . 2008-05-07 21:14 <DIR> d-------- C:\Program Files\Aspell
      2008-05-07 21:12 . 2008-05-07 21:14 <DIR> d-------- C:\Program Files\Pidgin
      2008-05-07 21:11 . 2008-05-07 21:11 <DIR> d-------- C:\Program Files\Common Files\GTK
      2008-04-30 02:58 . 2008-04-30 02:58 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
      2008-04-29 00:45 . 2004-12-13 16:44 167,936 --a------ C:\WINDOWS\system32\igfxres.dll
      2008-04-29 00:34 . 2004-08-04 14:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
      2008-04-29 00:34 . 2004-08-04 14:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
      2008-04-29 00:34 . 2004-08-04 14:00 31,488 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
      2008-04-29 00:32 . 2004-08-04 14:00 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
      2008-04-29 00:32 . 2004-08-04 14:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
      2008-04-29 00:32 . 2004-08-04 14:00 92,032 --a--c--- C:\WINDOWS\system32\dllcache\mga.dll
      2008-04-29 00:32 . 2001-09-06 21:26 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
      2008-04-29 00:32 . 2001-09-06 21:27 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
      2008-04-29 00:32 . 2004-08-04 14:00 33,792 --a--c--- C:\WINDOWS\system32\dllcache\lmmib2.dll
      2008-04-29 00:32 . 2004-08-04 14:00 23,040 --a--c--- C:\WINDOWS\system32\dllcache\lpdsvc.dll
      2008-04-29 00:32 . 2004-08-04 14:00 19,456 --a--c--- C:\WINDOWS\system32\dllcache\lprmon.dll
      2008-04-29 00:32 . 2004-08-04 14:00 18,432 --a--c--- C:\WINDOWS\system32\dllcache\jupiw.dll
      2008-04-29 00:32 . 2004-08-04 14:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
      2008-04-29 00:30 . 2004-08-04 14:00 332,800 --a--c--- C:\WINDOWS\system32\dllcache\aqueue.dll
      2008-04-29 00:29 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
      2008-04-29 00:26 . 2004-08-04 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
      2008-04-29 00:26 . 2008-04-29 00:26 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
      2008-04-29 00:26 . 2008-04-29 00:26 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
      2008-04-29 00:26 . 2008-04-29 00:26 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
      2008-04-29 00:26 . 2008-04-29 00:26 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
      2008-04-29 00:26 . 2008-04-29 00:26 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
      2008-04-28 23:52 . 2004-08-04 14:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
      2008-04-28 23:51 . 2004-08-04 14:00 1,086,058 -ra------ C:\WINDOWS\SETFC.tmp
      2008-04-28 23:51 . 2004-08-04 14:00 1,014,139 -ra------ C:\WINDOWS\SETF9.tmp

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-25 22:04 --------- d-----w C:\Program Files\Total Video Converter
      2008-05-25 22:00 --------- d-----w C:\Program Files\Multi Theft Auto
      2008-05-25 18:00 --------- d-----w C:\Program Files\DC++
      2008-05-08 07:15 --------- d-s---w C:\Program Files\Xfire
      2008-05-07 19:58 --------- d-----w C:\Documents and Settings\Chris\Application Data\Xfire
      2008-05-06 18:42 --------- d-----w C:\Program Files\DigiLeen
      2008-05-04 16:22 --------- d-----w C:\Program Files\TetriNet2
      2008-04-29 21:01 --------- d-----w C:\Program Files\Creative
      2008-04-29 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-04-28 20:13 --------- d-----w C:\Program Files\Google
      2008-04-12 19:23 --------- d-----w C:\Program Files\Hp
      2008-04-11 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-04-05 22:45 --------- d-----w C:\Documents and Settings\Ad van den Kieboom\Application Data\Leadertech
      2007-03-04 12:59 162 ----a-w C:\Documents and Settings\Rob\Application Data\wklnhst.dat
      2006-04-29 17:49 184 ----a-w C:\Documents and Settings\Chris\Application Data\wklnhst.dat
      2006-04-27 06:29 435 ----a-w C:\Program Files\mtachat.txt
      2006-08-24 14:04 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\MsnChat40nl-nl.dll
      2008-01-11 18:21 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-28 18:13 68856]
      "igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57 1103480]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-13 16:43 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-13 16:38 126976]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
      "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 13:20 88363 C:\WINDOWS\AGRSMMSG.exe]
      "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 18:38 159744]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]
      "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
      "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
      "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24 278528]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-17 15:29 282624]
      "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-08-17 15:57 90112]
      "snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-08-16 21:54 339968]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-03-22 12:24 220160]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 16:09 63712]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00 208952]
      "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 15:00 44032]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 14:00 59392]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
      "MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [2004-08-04 14:00 208896]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
      "Spyware Doctor"=""

      C:\Documents and Settings\Rob\Menu Start\Programma's\Opstarten\
      Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
      SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

      C:\Documents and Settings\Ad van den Kieboom\Menu Start\Programma's\Opstarten\
      SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 16432]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "DisableCAD"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.XFR1"= xfcodec.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\WINDOWS\\system32\\mmc.exe"=
      "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
      "C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
      "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
      "C:\\Program Files\\Multi Theft Auto\\MTAServer.exe"=
      "C:\\Program Files\\Multi Theft Auto\\Server\\MTAServer.exe"=
      "C:\\Program Files\\Teamspeak2_RC2_\\server_windows.exe"=
      "C:\\Program Files\\mIRC\\mirc.exe"=
      "C:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Azureus\\Azureus.exe"=
      "C:\\Program Files\\tswebeditor\\tswebeditor.exe"=
      "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
      "C:\\Program Files\\Xfire\\xfire.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\DigiLeen\\Digileen.exe"=
      "C:\\Program Files\\Free Download Manager\\fdm.exe"=
      "C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCPxpsp2res.dll,-22009

      R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 20:06]
      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-08-26 20:41]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-08-30 18:48:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2006-04-11 14:32:00 C:\WINDOWS\Tasks\Eenvoudige Internetaanmelding.job"
      - C:\Program Files\Easy Internet signup\HPSdpApp.exe
      "2008-04-27 23:26:42 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
      - C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
      "2008-05-26 17:29:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-26 19:24:13
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\WINDOWS\system32\drivers\KodakCCS.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\ScsiAccess.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Apoint2K\ApntEx.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\HPQ\Shared\hpqwmi.exe
      C:\Program Files\SpywareGuard\sgbhp.exe
      C:\WINDOWS\system32\imapi.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-05-26 19:33:47 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-26 17:33:33

      Pre-Run: 9,645,854,720 bytes beschikbaar
      Post-Run: 11,074,805,760 bytes beschikbaar

      WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
      C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

      229 --- E O F --- 2008-05-24 23:46:38

      HijackThis:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:34:55, on 26-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\WINDOWS\system32\drivers\KodakCCS.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\ScsiAccess.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\tsnp2std.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\vsnp2std.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HPQ\SHARED\HPQWMI.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
      C:\Program Files\SpywareGuard\sgmain.exe
      C:\Program Files\SpywareGuard\sgbhp.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q305&bd=pavilion&pf=laptop
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
      O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
      O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
      O16 - DPF: {30CADB40-6FD7-433F-BF0D-4827CA7B5BDF} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
      O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab46783.cab
      O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
      O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
      O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152955242109
      O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://www2.malmberg.nl/online_lessen/localplayer/recording/yrecording.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
      O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://145.32.101.39/activex/AMC.cab
      O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
      O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
      O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
      O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zazo
      O17 - HKLM\Software\..\Telephony: DomainName = zazo
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zazo
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zazo
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = zazo
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

      --
      End of file - 13674 bytes



      • #4
        This already looks better.
        Are there any remaining problems?



        • #5
          Not really, I have the impression it is running fine again.

          Thanks a lot!



          • #6
            Good.

            Do this as well:
            Go to Start - Run and type: ComboFix /u
            Press Enter.

            Go to Kaspersky Online Scanner and click Accept at the bottom.
            This scanner only works with Internet Explorer 6 and higher!!
            You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.
            • The program now starts downloading the latest definition files. After that, click Next.
            • Then click the Scan Settings button.
              Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
              Under the text Scan options: tick both boxes: Scan Archives .... and Scan Mail Bases ....
            • Then click the OK button.
            • Now start the scan by clicking the text My Computer.

              Keep in mind that this scan takes a while.
            • Once the scan is complete, you get the opportunity to save the scan report.
              Click the Save Report As button. Save the report to your Desktop under the name kavscan.txt

            Post this report in your next message.



            • #7
              I have run the Kaspersky scan. Attached is the saved file.

              -------------------------------------------------------------------------------
              KASPERSKY ONLINE SCANNER REPORT
              Tuesday, May 27, 2008 9:10:15 PM
              Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
              Kaspersky Online Scanner version: 5.0.98.0
              Kaspersky Anti-Virus database last update: 27/05/2008
              Kaspersky Anti-Virus database records: 801536
              -------------------------------------------------------------------------------

              Scan Settings:
              Scan using the following antivirus database: extended
              Scan Archives: true
              Scan Mail Bases: true

              Scan Target - My Computer:
              C:\
              D:\

              Scan Statistics:
              Total number of scanned objects: 116586
              Number of viruses found: 5
              Number of infected objects: 11
              Number of suspicious objects: 0
              Duration of the scan process: 02:49:10

              Infected Object Name / Virus Name / Last Action
              C:\Documents and Settings\Ad van den Kieboom\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
              C:\Documents and Settings\Ad van den Kieboom\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
              C:\Documents and Settings\Ad van den Kieboom\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
              C:\Documents and Settings\Ad van den Kieboom\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc ZIP: infected - 3 skipped
              C:\Documents and Settings\Ad van den Kieboom\Cookies\index.dat Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Identities\{54DFE95A-1621-4B12-AD67-9DD4CAC88185}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Identities\{54DFE95A-1621-4B12-AD67-9DD4CAC88185}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Identities\{54DFE95A-1621-4B12-AD67-9DD4CAC88185}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Identities\{54DFE95A-1621-4B12-AD67-9DD4CAC88185}\Microsoft\Outlook Express\Postvak IN.dbx Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Geschiedenis\History.IE5\MSHist012008052720080528\index.dat Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temp\Free Download Manager\tic15.tmp Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temp\Free Download Manager\tic16.tmp Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temp\~DF35C9.tmp Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temp\~DFA254.tmp Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\NTUSER.DAT Object is locked skipped
              C:\Documents and Settings\Ad van den Kieboom\ntuser.dat.LOG Object is locked skipped
              C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\c74c6f795ada87022536668c055d2c0e_0cdb5483-b1f5-4371-9e1e-4d2538351b5b Object is locked skipped
              C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
              C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
              C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
              C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
              C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
              C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
              C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
              C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
              C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
              C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
              C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
              C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
              C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
              C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
              C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
              C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
              C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
              C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
              C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip ZIP: infected - 4 skipped
              C:\f3dcb2d3eeddbd7fb59c1d0c\msxml4-KB927978-enu.log Object is locked skipped
              C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
              C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
              C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
              C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
              C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
              C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
              C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
              C:\Program Files\Alwil Software\Avast4\DATA\report\Interne bescherming.txt Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\agent.log Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\BWLocalWebListener.log Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\FileDL.log Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000016.FCS Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\RG.log Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\scheddbg.log Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
              C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
              C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
              C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
              C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
              C:\System Volume Information\_restore{6DD67A3D-B07F-4376-B7D0-72D7A6198C4E}\RP71\change.log Object is locked skipped
              C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
              C:\WINDOWS\SchedLgU.Txt Object is locked skipped
              C:\WINDOWS\SoftwareDistribution\EventCache\{B2EF198C-55D4-48B1-B61C-DD8D8344BA5D}.bin Object is locked skipped
              C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
              C:\WINDOWS\Sti_Trace.log Object is locked skipped
              C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
              C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
              C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
              C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
              C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
              C:\WINDOWS\system32\config\default Object is locked skipped
              C:\WINDOWS\system32\config\default.LOG Object is locked skipped
              C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
              C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
              C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
              C:\WINDOWS\system32\config\SAM Object is locked skipped
              C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
              C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
              C:\WINDOWS\system32\config\SECURITY Object is locked skipped
              C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
              C:\WINDOWS\system32\config\software Object is locked skipped
              C:\WINDOWS\system32\config\software.LOG Object is locked skipped
              C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
              C:\WINDOWS\system32\config\system Object is locked skipped
              C:\WINDOWS\system32\config\system.LOG Object is locked skipped
              C:\WINDOWS\system32\h323log.txt Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
              C:\WINDOWS\temp\Perflib_Perfdata_65c.dat Object is locked skipped
              C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped
              C:\WINDOWS\wiadebug.log Object is locked skipped
              C:\WINDOWS\wiaservc.log Object is locked skipped
              C:\WINDOWS\WindowsUpdate.log Object is locked skipped

              Scan process completed.

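The report in post #7 has its detection rows scattered among more than a hundred "Object is locked" rows. As an added example (not part of the thread and not Kaspersky tooling), this Python parser separates the three row types, groups detections by the file that is actually on disk, and splits `not-a-virus:` riskware from malware. The row layout is inferred from the report on this page; the sample paths are constructed with placeholder user names, and all function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the report rows in post #7 (user names replaced
# by placeholders, all but two locked-object rows dropped).
# Columns: object name, verdict, last action.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\UserA\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\UserA\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\UserA\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\UserA\Application Data\Sun\Java\Deployment\cache\6.0\60\262b227c-67ed1ddc ZIP: infected - 3 skipped
C:\Documents and Settings\UserA\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\UserB\Mijn documenten\Downloads\kf151.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
C:\Documents and Settings\UserB\Mijn documenten\Downloads\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\UserB\Mijn documenten\Downloads\kf151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\UserB\Mijn documenten\Downloads\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\UserB\Mijn documenten\Downloads\kf151.zip ZIP: infected - 4 skipped
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# One row: <object> <verdict> <action>. The object may contain spaces, so the
# verdict keywords are what anchor the split.
ROW = re.compile(
    r"^(?P<obj>.+?)\s+"
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<kind>[A-Z0-9]+): infected - (?P<count>\d+)"
    r"|(?P<locked>Object is locked))"
    r"\s+(?P<action>\S+)$"
)


def parse_report(text):
    """Return (detections, summaries, locked) parsed from report rows."""
    detections, summaries, locked = [], [], []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # column header, blank lines, statistics
        obj = m["obj"]
        if m["locked"]:
            locked.append(obj)  # file was in use; says nothing about infection
        elif m["name"]:
            # Windows paths use "\", so a "/" marks a member inside an archive.
            on_disk, _, member = obj.partition("/")
            detections.append({"file": on_disk, "member": member,
                               "name": m["name"], "action": m["action"]})
        else:
            # Per-archive summary row such as "ZIP: infected - 3".
            summaries.append({"file": obj, "kind": m["kind"],
                              "count": int(m["count"])})
    return detections, summaries, locked


def triage(text):
    """Group detections by on-disk file and classify each file."""
    detections, summaries, locked = parse_report(text)
    per_file = defaultdict(set)
    for d in detections:
        per_file[d["file"]].add(d["name"])
    files = {}
    for path, names in per_file.items():
        # "not-a-virus:" is the scanner's prefix for riskware, i.e. tools that
        # are not malicious by themselves (password recovery, IRC client).
        is_malware = any(not n.startswith("not-a-virus:") for n in names)
        files[path] = {"class": "malware" if is_malware else "riskware",
                       "names": sorted(names)}
    return {
        "files": files,
        "distinct_names": len({d["name"] for d in detections}),
        # Detection rows plus archive summary rows.
        "infected_objects": len(detections) + len(summaries),
        "locked": len(locked),
        # Rows the scanner reported but did not act on.
        "unresolved": [d for d in detections if d["action"] == "skipped"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for path, info in result["files"].items():
        print(f'{info["class"]:8} {path}  {", ".join(info["names"])}')
    print("distinct names:", result["distinct_names"],
          "| infected objects:", result["infected_objects"],
          "| locked rows ignored:", result["locked"])
```

Run on these rows, the counts come out as 5 distinct names and 11 infected objects, the same figures as the report's Scan Statistics, and the eleven rows reduce to four files on disk, of which only the Java deployment cache entry is not `not-a-virus:` riskware.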


              • #8
                I do think my Avast on-access scanner no longer starts, though. I can't activate it from the console either. Any idea how I can fix that?



                • #9
                  Open a Notepad file.
                  Copy the text below (everything in bold) into this Notepad file.
                  @ECHO OFF
                  IF EXIST log.txt DEL log.txt
                  ECHO Deleting files>>log.txt
                  FOR %%g in (
                  "C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip") DO (
                  IF EXIST %%g (
                  ATTRIB -r -s -h %%g
                  DEL %%g
                  IF EXIST %%g (
                  ECHO %%g not deleted>>log.txt
                  ) ELSE (
                  ECHO %%g deleted successfully>>log.txt)
                  ) ELSE (
                  ECHO %%g not found>>log.txt))
                  START NOTEPAD.EXE log.txt

                  Go to File - Save As.
                  For "Save in", choose: Desktop
                  For "File name", enter: del.bat
                  For "Save as type", select: All Files (*.*).
                  Click the Save button.

                  Double-click del.bat and post the contents of the log file that opens.

                  Download ATF cleaner (made by Atribune)
                  Double-click ATF cleaner to start the program.
                  In the "Main" window, place a check mark next to Select All.
                  Click the Empty Selected button.

                  If you also use Firefox as a browser:
                  Click the "Firefox" tab and place a check mark next to Select All.
                  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                  (this removes the check mark next to "Firefox saved passwords" again)
                  Click the Empty Selected button.

                  If you also use Opera as a browser:
                  Click the "Opera" tab and place a check mark next to Select All.
                  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                  Click the Empty Selected button.

                  Go to the "Main" menu and click the Exit button to close the program.



                  • #10
                    Here are the contents of the log file:

                    Deleting files
                    "C:\Documents and Settings\Rob\Mijn documenten\Downloads\kf151.zip" deleted successfully




                    • #11
                      And I have now run ATF cleaner.



                      • #12
                        Are there any remaining problems, adkieb?



                        • #13
                          Not really any problems. The only thing I'm still missing is the Avast ball icon in the system tray as the on-access scanner. When I look at the system tray, it is listed among the inactive items. When I look at Windows Security (in Control Panel), it says that it is working fine. So I don't really know whether that is a problem.



                          • #14
                            No idea.
                            If in doubt, you can uninstall Avast, restart, and then reinstall it.



                            • #15
                              OK. In any case, thanks a lot for the trouble you've taken.
