Scweez

Sinds gisteren doet mijn laptop nogal raar. Eerst was er een zogezegde antivirus die heel mijn systeem overnam, 'ThinkPoint'. Met behulp van Malwarebytes heb ik het kunnen verwijderen. Maar ik heb nog steeds problemen. Als ik iets begin te downloaden sluit mijn laptop zich af en verschijnt er een blauw scherm met een foutmelding. Als de laptop opgestart is wordt er ook gevraagd om een bestand 'TMD.tmp' te openen. Alles verloopt ook veel trager dan normaal. Internet Explorer laadt enorm lang. Kan iemand me helpen met dit probleem? Ik heb alvast een HJT-logje gemaakt. Bedankt! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:14:35, on 26/10/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\sony\ISB Utility\ISBMgr.exe C:\Program Files\sony\Marketing Tools\MarketingTools.exe C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\sony\Network Utility\LANUtil.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\sony\VAIO Media plus\VMpTtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Choose your country R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Choose your country R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [VMpTtray.exe] C:\Program Files\sony\VAIO Media plus\VMpTtray.exe O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [android 1] C:\Users\Sony\AppData\Local\Temp\~TMD2B0.tmp O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Audio Filter.lnk = C:\Program Files\sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Users\Sony\DOCUME~1\School\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Users\Sony\DOCUME~1\School\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - c:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HideMyIpSRV - HideMyIP - C:\Program Files\Hide My IP\HideMyIpSrv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VUAgent - Sony Corporation - C:\Program Files\sony\VAIO Update 5\VUAgent.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 15359 bytes

19 december... Toen heb ik de laatste keer een bestand geëxporteerd met Mixmeister, dus alles werkte behoorlijk!

Ik heb de pc hersteld naar het punt waar alles werkte en de programma's lopen weer normaal. Het exporteren van bestanden lukt opnieuw. Is nu ook terug de spyware aanwezig door de systeemherstel? Dan heb ik Combofix laten runnen en dit is dan het logje samen met een nieuw HJT logje... ComboFix 09-01-08.05 - Gebruiker 2009-01-09 16:52:16.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.255.51 [GMT 1:00] Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((( Bestanden Gemaakt van 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))) . 2009-01-09 15:48 . 2009-01-09 16:07 <DIR> d-------- c:\program files\PokerStars.NET 2009-01-08 12:38 . 2009-01-09 15:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-08 12:38 . 2009-01-08 12:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-07 21:15 . 2009-01-07 21:15 <DIR> d-------- c:\program files\Trend Micro 2009-01-05 16:37 . 2009-01-05 16:37 <DIR> d-------- c:\program files\FDRLab 2008-12-21 20:02 . 2008-12-21 20:02 0 --a------ c:\windows\nsreg.dat 2008-12-21 20:01 . 2009-01-09 15:50 <DIR> d-------- c:\program files\Mozilla Firefox(2) 2008-12-16 12:09 . 2008-12-16 12:10 <DIR> d-------- c:\program files\Common Files\Macromedia 2008-12-16 12:06 . 2008-12-16 12:10 <DIR> d-------- c:\program files\Macromedia 2008-12-11 21:50 . 2008-12-11 21:51 <DIR> d-------- c:\program files\Winmail Opener . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-09 15:07 --------- d-----w c:\program files\Uplink 2009-01-09 14:50 --------- d-----w c:\program files\MixMeister Fusion 7.2.2 2009-01-09 14:49 --------- d-----w c:\program files\VDOWNLOADER 2008-12-16 11:10 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-06 12:13 --------- d-----w c:\program files\MyDSC2 2008-12-01 18:24 62,404,828 ----a-w C:\mixmeister.fusion.v7.2.2.zip 2008-11-27 22:42 --------- d-----w c:\program files\GT Interactive 2008-11-27 22:40 100,434,884 ----a-w C:\Driver.exe 2008-11-25 14:22 --------- d-----w c:\program files\Xilisoft 2008-11-21 18:06 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus! 2008-11-12 15:17 --------- d-----w c:\program files\vanBasco's Karaoke Player 2008-11-12 14:58 --------- d-----w c:\program files\AV Vcs 4.0 DIAMOND . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-09-11 155648] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "GSICONEXE"="GSICON.EXE" [2001-05-29 c:\windows\system32\gsicon.exe] "DSLAGENTEXE"="dslagent.exe" [2001-05-18 c:\windows\system32\DSLAGENT.EXE] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "d:\\StubInstaller.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-08 97928] R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-08-08 11:28:15 13560] R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-13 875288] R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-13 231704] R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-08 76040] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2008-08-08 20160] S4 gafwload;Eicon Networks USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [2008-08-08 26923] . Inhoud van de 'Gedeelde Taken' map 2008-12-30 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1225370079.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52] . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-WebCamRT.exe - (no file) . ------- Bijkomende Scan ------- . uStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {292186E1-030B-41C7-B5B5-090E18871475} = 195.238.2.22 195.238.2.21 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-09 16:56:55 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(460) c:\windows\system32\avgrsstx.dll - - - - - - - > 'lsass.exe'(568) c:\windows\system32\avgrsstx.dll . Voltooingstijd: 2009-01-09 17:00:25 ComboFix-quarantined-files.txt 2009-01-09 16:00:17 Pre-Run: 2.708.578.304 bytes beschikbaar Post-Run: 2,748,035,072 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 123 --- E O F --- 2008-12-12 16:07:15 HJT logje Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:05:12, on 9/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218201689793 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218233774593 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{292186E1-030B-41C7-B5B5-090E18871475}: NameServer = 195.238.2.22 195.238.2.21 O17 - HKLM\System\CS1\Services\Tcpip\..\{292186E1-030B-41C7-B5B5-090E18871475}: NameServer = 195.238.2.22 195.238.2.21 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 6994 bytes

Ik ben teruggekeerd naar het vorige herstelpunt, maar dan werkt het nog niet... Moet ik dan Combofix toch opstarten of niet?

Ik merk voorlopig weinig verschil, pc heeft het nog moeilijk met het laden van websites of programma's... En het probleem van het exporteren is nog niet opgelost. Enkele dagen geleden had ik een systeemherstel uitgevoerd, toen ging het exporteren met Windows Movie Maker wel terug goed... Maar twee dagen later weer niet meer Hetzelfde probleem met het programma Mixmeister... Wanneer ik op export file klik, de naam ingeef en op OK klik, dan verdwijnt het dialoogvenster en zit ik opnieuw in mijn programma... Er gebeurt dus niets! Enig idee waar dit mee kan te maken hebben? Allesinds toch al bedankt!

Ik heb de stappen doorlopen en voor de zekerheid toch het programma Pokerstars verwijderd. MBAM vond echter geen infecties. Hier zijn de logjes: Malwarebytes' Anti-Malware 1.32 Database versie: 1630 Windows 5.1.2600 Service Pack 3 8/01/2009 13:01:56 mbam-log-2009-01-08 (13-01-56).txt Scan type: Snelle Scan Objecten gescand: 65170 Verstreken tijd: 20 minute(s), 49 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:06:37, on 8/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\AVG\AVG8\avgupd.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218201689793 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218233774593 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{292186E1-030B-41C7-B5B5-090E18871475}: NameServer = 195.238.2.22 195.238.2.21 O17 - HKLM\System\CS1\Services\Tcpip\..\{292186E1-030B-41C7-B5B5-090E18871475}: NameServer = 195.238.2.22 195.238.2.21 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 7072 bytes

Is dit programma onveilig? Of waarom moet ik dit verwijderen? Want ik speel dit spel al enkele maanden...

De laatste tijd merk ik meer en meer dat mijn pc trager werkt en zelfs vastloopt... Sommige programma's werken ook niet meer optimaal. Zo kan ik bijvoorbeeld filmpjes die ik maak met Windows Movie Maker niet meer exporteren! Daarom heb ik ook een HJT logje gemaakt... Hopelijk weet iemand raad! Alvast bedankt! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:16:28, on 7/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218201689793 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218233774593 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{292186E1-030B-41C7-B5B5-090E18871475}: NameServer = 195.238.2.22 195.238.2.21 O17 - HKLM\System\CS1\Services\Tcpip\..\{292186E1-030B-41C7-B5B5-090E18871475}: NameServer = 195.238.2.22 195.238.2.21 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 7246 bytes

Mijn excuses voor de late reactie... Na de vorige stappen is mijn pc volledig vastgelopen waardoor hij niet meer opstartte... Dan heb ik die binnengebracht in de winkel en hebben ze een format van de C-schijf moeten doen. Vervolgens heb ik een nieuwe windows xp met sp2 laten installeren dus alles werkt nu prima! Wat de echte reden was van het niet meer opstarten, is mij onduidelijk... maar toch bedankt voor de reactie!

Hallo, Ik heb nu al enkele weken problemen met mijn internetverbinding (?) ... Alles begint na het opstarten, wanneer ik dubbelklik op het icoontje van ADSL om in te bellen, verdwijnt mijn taakbalk beneden! Na enkele pogingen lukt het dan toch om een verbinding te maken... zo is dit elke keer wanneer ik de pc opstart! Vervolgens loopt mijn internet explorer niet meer zoals enkele weken geleden. Bij elke muisklik blijft hij enkele seconden hangen of verschijnen er pop-ups, daarnaast gebeurt het ook soms dat hij plotseling zomaar alle vensters sluit... Tenslotte is mijn downloadsnelheid ook drastisch gedaald. Ik surf nog steeds met dezelfde bandbreedte en ik zit nog lang niet aan de maandelijkse limiet... Deze problemen zijn nogal vrij vervelend en ik hoop dat iemand me hierbij kan helpen! Alvast bedankt! Ik heb, indien nodig, ook een HJT logje gemaakt ... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:55:34, on 5/08/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\WINDOWS\System32\drivers\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\explorer.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [C:\WINDOWS\system32\kddzs.exe] C:\WINDOWS\system32\kddzs.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?') O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?') O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe -- End of file - 6392 bytes

Ik heb nu een paar uurtjes rondgesurfd op het internet en geen enkele pop-up gekregen. Volgens mij is het probleem van de baan. Heel erg bedankt!

Ik heb de stappen uitgevoerd die jij me hebt opgegeven... en dit is het resultaat van MBAM + een nieuw HJT logje. Alvast bedankt! Malwarebytes' Anti-Malware 1.18 Database versie: 895 17:21:40 27/06/2008 mbam-log-6-27-2008 (17-21-40).txt Scan type: Snelle Scan Objecten gescand: 40882 Verstreken tijd: 18 minute(s), 24 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 3 Registersleutels geïnfecteerd: 34 Registerwaarden geïnfecteerd: 5 Registerdata bestanden geïnfecteerd: 2 Mappen geïnfecteerd: 3 Bestanden geïnfecteerd: 35 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: C:\WINDOWS\system32\aggttxyu.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\cbXRLbBT.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\fccdbAqr.dll (Trojan.Vundo) -> Unloaded module successfully. Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b3a289e2-ac5c-4784-99a3-278856ace04e} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{b3a289e2-ac5c-4784-99a3-278856ace04e} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{b7c9058d-0f9c-32c0-83b6-740dfd8a6726} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0979850f-6c3e-4294-b225-b3d3c4a6f2a1} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1bb2da5f-b78f-44ea-bda1-771cbe1dec68} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2a4e73c5-ba3c-4391-b7e5-ffe8d3bd6245} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{44a923ca-f430-4f85-9f84-5153ecdb882e} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4e6e21ec-9d72-4164-8a53-74786a467872} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{631e9e48-b066-43da-92ac-6dadf61b173b} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{65c1361c-e696-4af0-9e21-81910193f352} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{77dce805-c8ce-48aa-a47f-bfa6cc7704b3} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d42769f-07d8-494d-aab4-aa1652c541fa} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a1922071-390c-418d-916d-91209e95d286} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a1f8cd95-cfb3-43d1-a956-63441cc058c1} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a63b46ad-96a7-4a2c-bd8f-8cd097e1593a} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a65f98dd-2360-468c-b76e-b1b84c0d547c} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ae2aeed0-be1b-4ba2-826e-20d1991081b8} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d7f73787-6206-4bba-bdc0-7cfa9940dbcb} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e770f739-2968-4ed9-a63c-dc1938dc82a2} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{cfafa83c-855b-4e3d-92b9-a587995b675a} (Rogue.VirusProtect) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3wPlayer_is1 (Trojan.Adware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccdbaqr (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{6780a29e-6a18-0c70-1dff-1610dde00108} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe7dab506 (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Trojan.Vundo) -> Delete on reboot. Registerdata bestanden geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxrlbbt -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxrlbbt -> Delete on reboot. Mappen geïnfecteerd: C:\Program Files\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\3wPlayer\skins (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\system32\aggttxyu.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\uyxttgga.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbXRLbBT.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\TBbLRXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TBbLRXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tcntaxdm.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\17PHolmes572.exe (Trojan.DownLoader) -> Quarantined and deleted successfully. C:\WINDOWS\mrofinu1000106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully. C:\WINDOWS\mrofinu572.exe (Trojan.DownLoader) -> Quarantined and deleted successfully. C:\WINDOWS\mrofinu572.exe.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully. C:\Documents and Settings\pc\Local Settings\Temp\winvsnet.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully. C:\Program Files\3wPlayer\3wPlayer.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\3wPlayer\settings.ini (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\3wPlayer\settings.stp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\3wPlayer\SkinCrafterDll.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\3wPlayer\test.gif (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\3wPlayer\unins000.dat (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\3wPlayer\unins000.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\3wPlayer\skins\Stylish.skf (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\Online Add-on\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\Online Add-on\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fvlpaonq.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully. C:\sysools.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xxyabxWP.dll (Backdoor.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mlJYrroP.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccdbAqr.dll (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\pc\Local Settings\Temp\snapsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\pc\Local Settings\Temp\yazzsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:30:30, on 27/06/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\dslagent.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: {77614b67-6ec3-2a28-d8c4-b3db21f87c4d} - {d4c78f12-bd3b-4c8d-82a2-3ce676b41677} - C:\WINDOWS\System32\lsmddrka.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?') O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?') O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe -- End of file - 5978 bytes

Goedemiddag, Ik heb sinds vandaag zwaar problemen met pop-upvensters wanneer ik een internetsite open. Meestal zijn het advertenties over anti-spyware programma's en dergelijke... maar soms blijft er eenzelfde site zich onafgebroken openen waardoor ik plots 25 vensters heb. Daarom heb ik even een HJT logje gemaakt... Als iemand mij kan helpen, ik zou je heel dankbaar zijn! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:56:29, on 27/06/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\drivers\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\dllhost.exe C:\WINDOWS\System32\msdtc.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [{98-86-63-35-DW}] c:\windows\system32\rwwnw64d.exe DWram1 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\tcntaxdm.exe DWram1 O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe O4 - HKLM\..\Run: [bMe7dab506] Rundll32.exe "C:\WINDOWS\System32\fvlpaonq.dll",s O4 - HKLM\..\Run: [e4e9869a] rundll32.exe "C:\WINDOWS\System32\aggttxyu.dll",b O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?') O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?') O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user') O4 - S-1-5-21-789336058-764733703-842925246-1003 Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe (User '?') O4 - S-1-5-21-789336058-764733703-842925246-1003 Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe (User '?') O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.amaena.com O15 - Trusted Zone: *.avsystemcare.com O15 - Trusted Zone: *.gomyhit.com O15 - Trusted Zone: *.imageservr.com O15 - Trusted Zone: *.imagesrvr.com O15 - Trusted Zone: *.onerateld.com O15 - Trusted Zone: *.safetydownload.com O15 - Trusted Zone: *.storageguardsoft.com O15 - Trusted Zone: *.trustedantivirus.com O15 - Trusted Zone: *.virusschlacht.com O15 - Trusted Zone: *.amaena.com (HKLM) O15 - Trusted Zone: *.avsystemcare.com (HKLM) O15 - Trusted Zone: *.gomyhit.com (HKLM) O15 - Trusted Zone: *.imageservr.com (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.onerateld.com (HKLM) O15 - Trusted Zone: *.safetydownload.com (HKLM) O15 - Trusted Zone: *.storageguardsoft.com (HKLM) O15 - Trusted Zone: *.trustedantivirus.com (HKLM) O15 - Trusted Zone: *.virusschlacht.com (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe -- End of file - 7561 bytes

Beide problemen zijn nu opgelost! Heel erg bedankt... je verdient een standbeeld! Pc loopt nu lekker dankzij jou!

Goed, ik heb de laatst stappen doorlopen... Maar nu duiken er plots 2 nieuwe problemen op. Wanneer de pc opnieuw opgestart is en ik klik op een icoontje van mijn bureaublad (bijvoorbeeld een internetverbinding tot stand brengen), dan zal dit enkele minuten duren voor ik een venster krijg. Uiteindelijk opent dit dan toch en verschijnen er nog enkele icoontjes in de takenbalk. Het tweede probleem is een foutmelding wanneer ik internet explorer sluit. Een voorbeeld hiervan zie je in bijlage. Voor de rest... prima werk!

Hier is het volgende logje van Combofix: ComboFix 08-04-29.5 - pc 2008-05-02 10:37:15.3 - NTFSx86 Gestart vanuit: C:\Documents and Settings\pc\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\pc\Bureaublad\CFScript.txt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! FILE :: C:\Documents and Settings\All Users\Application Data\aqywakuz.dat C:\WINDOWS\system32\tempesfile.exe C:\WINDOWS\system32\yloto.bin C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At49.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At50.job C:\WINDOWS\Tasks\At51.job C:\WINDOWS\Tasks\At52.job C:\WINDOWS\Tasks\At53.job C:\WINDOWS\Tasks\At54.job C:\WINDOWS\Tasks\At55.job C:\WINDOWS\Tasks\At56.job C:\WINDOWS\Tasks\At57.job C:\WINDOWS\Tasks\At58.job C:\WINDOWS\Tasks\At59.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At60.job C:\WINDOWS\Tasks\At61.job C:\WINDOWS\Tasks\At62.job C:\WINDOWS\Tasks\At63.job C:\WINDOWS\Tasks\At64.job C:\WINDOWS\Tasks\At65.job C:\WINDOWS\Tasks\At66.job C:\WINDOWS\Tasks\At67.job C:\WINDOWS\Tasks\At68.job C:\WINDOWS\Tasks\At69.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At70.job C:\WINDOWS\Tasks\At71.job C:\WINDOWS\Tasks\At72.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\aqywakuz.dat C:\WINDOWS\system32\tempesfile.exe C:\WINDOWS\system32\yloto.bin C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At49.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At50.job C:\WINDOWS\Tasks\At51.job C:\WINDOWS\Tasks\At52.job C:\WINDOWS\Tasks\At53.job C:\WINDOWS\Tasks\At54.job C:\WINDOWS\Tasks\At55.job C:\WINDOWS\Tasks\At56.job C:\WINDOWS\Tasks\At57.job C:\WINDOWS\Tasks\At58.job C:\WINDOWS\Tasks\At59.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At60.job C:\WINDOWS\Tasks\At61.job C:\WINDOWS\Tasks\At62.job C:\WINDOWS\Tasks\At63.job C:\WINDOWS\Tasks\At64.job C:\WINDOWS\Tasks\At65.job C:\WINDOWS\Tasks\At66.job C:\WINDOWS\Tasks\At67.job C:\WINDOWS\Tasks\At68.job C:\WINDOWS\Tasks\At69.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At70.job C:\WINDOWS\Tasks\At71.job C:\WINDOWS\Tasks\At72.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))) . 2008-05-01 14:07 . 2008-05-01 14:07 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-01 12:59 . 2008-05-01 12:59 <DIR> d-------- C:\WINDOWS\ERUNT 2008-05-01 11:42 . 2008-05-01 13:25 <DIR> d-------- C:\SDFix 2008-05-01 11:00 . 2008-05-01 11:00 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-01 10:54 . 2008-05-01 10:54 <DIR> d-------- C:\Program Files\CCleaner 2008-04-30 09:44 . 2008-04-30 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-30 09:40 . 2008-04-30 09:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-23 11:10 . 2008-04-23 11:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-23 11:10 . 2008-04-23 11:10 1,409 --a------ C:\WINDOWS\QTFont.for . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-02 08:32 --------- d-----w C:\Documents and Settings\pc\Application Data\MegauploadToolbar 2008-05-01 07:35 --------- d-----w C:\Documents and Settings\pc\Application Data\AVG7 2008-04-30 16:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-04-24 06:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-24 05:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-04-19 12:28 --------- d-----w C:\Program Files\Incomplete 2008-04-19 12:21 --------- d-----w C:\Program Files\LimeWire 2008-04-06 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-03-27 10:08 --------- d-----w C:\Program Files\Windows Live 2008-03-27 10:08 --------- d-----w C:\Program Files\MSN Messenger 2008-03-27 10:08 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-03-19 11:40 131 ----a-w C:\Program Files\musiCutter.ini 2008-03-17 17:29 --------- d-----w C:\Program Files\PSLIDESHOW 2008-03-17 17:28 --------- d-----w C:\Program Files\LimeWire(2) 2008-03-17 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-03-17 17:26 --------- d-----w C:\Program Files\VirusProtect 3.9 2008-03-17 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-06 15:14 12,651,352 ----a-w C:\mm20nld.exe 2007-03-12 13:42 38,032 ----a-w C:\Documents and Settings\pc\Application Data\GDIPFONTCACHEV1.DAT 2006-11-21 08:52 1,395 ---ha-w C:\Documents and Settings\pc\hpothb07.dat 2006-10-20 16:25 45 ----a-w C:\Program Files\serial.txt 2003-03-21 11:45 250,544 ----a-w C:\Program Files\Common Files\keyhelp.ocx 2002-07-22 17:42 1,026 ----a-w C:\Program Files\license.txt 2002-07-22 17:41 3,193 ----a-w C:\Program Files\readme.txt 2002-07-22 17:32 2,731 ----a-w C:\Program Files\history.txt 2002-07-19 09:48 80,896 ----a-w C:\Program Files\vcut.exe 2002-05-25 19:20 289,792 ----a-w C:\Program Files\musiCutter.exe . ((((((((((((((((((((((((((((( snapshot@2008-05-01_14.20.53.38 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-01 12:13:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-02 08:12:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592] "DSLAGENTEXE"="dslagent.exe" [2001-05-18 18:29 16384 C:\WINDOWS\system32\dslagent.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "nwiz"="nwiz.exe" [2004-03-03 10:29 782336 C:\WINDOWS\system32\nwiz.exe] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-22 17:37 286720] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 10:29 2904064] "TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 16:41 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ] "Windows Workstation Service"="wkssvc.exe" [] "Spyware Doctor"="" [] "bxproxy"="C:\WINDOWS\bxproxy.exe" [ ] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.X264"= x264vfw.dll "vidc.hfyu"= huffyuv.dll "msacm.divxa32"= DivXa32.acm "msacm.l3codec"= l3codecp.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs RpcxSs *Newly Created Service* - CATCHME . Inhoud van de 'Gedeelde Taken' map "2008-04-30 11:38:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-09-22 10:33:30 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1182073967.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2008-04-30 16:04:46 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-02 10:41:03 Windows 5.1.2600 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 103 ************************************************************************** . Voltooingstijd: 2008-05-02 10:47:51 ComboFix-quarantined-files.txt 2008-05-02 08:47:08 ComboFix2.txt 2008-05-01 12:21:36 Pre-Run: 1,461,374,976 bytes beschikbaar Post-Run: 1,457,164,288 bytes beschikbaar 267 Ik heb nog steeds geen last van pop-ups en andere vervelende toestanden... Bedankt!

Het resultaat van ComboFix: ComboFix 08-04-29.5 - pc 2008-05-01 14:08:02.1 - NTFSx86 Gestart vanuit: C:\Documents and Settings\pc\Mijn documenten\ComboFix.exe WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\LocalService\Menu Start\Programma's\ucmore - the search accelerator C:\Documents and Settings\LocalService\Menu Start\Programma's\ucmore - the search accelerator\How To Uninstall.lnk C:\Documents and Settings\LocalService\Menu Start\Programma's\ucmore - the search accelerator\UCmore - The Search Accelerator.lnk C:\Documents and Settings\LocalService\Menu Start\Programma's\ucmore - the search accelerator\UCmore Tour.lnk C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\ezaraja.vbs C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\idycizeryp.lib C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\omogakipu.exe C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\yhesycohep.bin C:\WINDOWS\msettings.ini C:\WINDOWS\system32\egfhk.bak1 C:\WINDOWS\system32\fxcmwsby.ini C:\WINDOWS\system32\lnqxdorf.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mlnpo.ini C:\WINDOWS\system32\mlnpo.ini2 C:\WINDOWS\system32\PagingSYS.sys C:\WINDOWS\system32\qhlqfmhq.ini C:\WINDOWS\system32\toroedge.ini C:\WINDOWS\system32\windbg___ C:\WINDOWS\WebAssist.dll C:\WINDOWS\win.dll C:\WINDOWS\xhelper.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PAGINGSYS (((((((((((((((((((( Bestanden Gemaakt van 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))) . 2008-05-01 14:07 . 2008-05-01 14:07 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-01 12:59 . 2008-05-01 12:59 <DIR> d-------- C:\WINDOWS\ERUNT 2008-05-01 11:42 . 2008-05-01 13:25 <DIR> d-------- C:\SDFix 2008-05-01 11:00 . 2008-05-01 11:00 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-01 10:54 . 2008-05-01 10:54 <DIR> d-------- C:\Program Files\CCleaner 2008-04-30 09:44 . 2008-04-30 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-30 09:40 . 2008-04-30 09:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-23 11:10 . 2008-04-23 11:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-23 11:10 . 2008-04-23 11:10 1,409 --a------ C:\WINDOWS\QTFont.for . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-01 12:05 --------- d-----w C:\Documents and Settings\pc\Application Data\MegauploadToolbar 2008-05-01 07:35 --------- d-----w C:\Documents and Settings\pc\Application Data\AVG7 2008-04-30 16:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-04-24 06:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-24 05:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-04-19 12:28 --------- d-----w C:\Program Files\Incomplete 2008-04-19 12:21 --------- d-----w C:\Program Files\LimeWire 2008-04-06 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-03-27 10:08 --------- d-----w C:\Program Files\Windows Live 2008-03-27 10:08 --------- d-----w C:\Program Files\MSN Messenger 2008-03-27 10:08 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-03-19 11:40 131 ----a-w C:\Program Files\musiCutter.ini 2008-03-17 17:29 --------- d-----w C:\Program Files\PSLIDESHOW 2008-03-17 17:28 --------- d-----w C:\Program Files\LimeWire(2) 2008-03-17 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-03-17 17:26 --------- d-----w C:\Program Files\VirusProtect 3.9 2008-03-17 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-17 11:56 11,622 ----a-w C:\WINDOWS\system32\yloto.bin 2008-03-17 11:56 11,167 ----a-w C:\Documents and Settings\All Users\Application Data\aqywakuz.dat 2008-02-06 15:14 12,651,352 ----a-w C:\mm20nld.exe 2007-03-12 13:42 38,032 ----a-w C:\Documents and Settings\pc\Application Data\GDIPFONTCACHEV1.DAT 2006-11-21 08:52 1,395 ---ha-w C:\Documents and Settings\pc\hpothb07.dat 2006-10-20 16:25 45 ----a-w C:\Program Files\serial.txt 2003-03-21 11:45 250,544 ----a-w C:\Program Files\Common Files\keyhelp.ocx 2002-07-22 17:42 1,026 ----a-w C:\Program Files\license.txt 2002-07-22 17:41 3,193 ----a-w C:\Program Files\readme.txt 2002-07-22 17:32 2,731 ----a-w C:\Program Files\history.txt 2002-07-19 09:48 80,896 ----a-w C:\Program Files\vcut.exe 2002-05-25 19:20 289,792 ----a-w C:\Program Files\musiCutter.exe 2001-09-07 12:00 169,984 --sh--r C:\WINDOWS\system32\tempesfile.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592] "DSLAGENTEXE"="dslagent.exe" [2001-05-18 18:29 16384 C:\WINDOWS\system32\dslagent.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "nwiz"="nwiz.exe" [2004-03-03 10:29 782336 C:\WINDOWS\system32\nwiz.exe] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-22 17:37 286720] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 10:29 2904064] "TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 16:41 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ] "Windows Workstation Service"="wkssvc.exe" [] "Spyware Doctor"="" [] "bxproxy"="C:\WINDOWS\bxproxy.exe" [ ] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.X264"= x264vfw.dll "vidc.hfyu"= huffyuv.dll "msacm.divxa32"= DivXa32.acm "msacm.l3codec"= l3codecp.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs RpcxSs . Inhoud van de 'Gedeelde Taken' map "2008-04-30 11:38:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-30 22:00:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-05-01 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-05-01 08:00:02 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-05-01 09:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-05-01 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-05-01 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 14:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 15:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-28 23:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 17:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 18:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 20:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 21:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 22:00:00 C:\WINDOWS\Tasks\At25.job" - C:\WINDOWS\System32\winmds.exe "2008-04-28 23:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\winmds.exe "2008-04-18 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\winmds.exe "2008-03-30 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\winmds.exe "2008-02-26 03:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\System32\winmds.exe "2008-04-18 00:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-02-26 04:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\System32\winmds.exe "2007-08-02 13:10:48 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\System32\winmds.exe "2008-04-17 05:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\System32\winmds.exe "2008-04-24 06:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\System32\winmds.exe "2008-05-01 07:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\System32\winmds.exe "2008-05-01 08:00:03 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\System32\winmds.exe "2008-05-01 09:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\System32\winmds.exe "2008-05-01 10:00:01 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 11:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\System32\winmds.exe "2008-05-01 12:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\System32\winmds.exe "2008-03-30 01:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 13:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 14:00:00 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 15:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 16:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 17:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 18:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 19:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 20:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 21:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 22:00:00 C:\WINDOWS\Tasks\At49.job" - C:\WINDOWS\System32\winmds.exe "2008-02-26 03:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-28 23:00:00 C:\WINDOWS\Tasks\At50.job" - C:\WINDOWS\System32\winmds.exe "2008-04-18 00:00:00 C:\WINDOWS\Tasks\At51.job" - C:\WINDOWS\System32\winmds.exe "2008-03-30 01:00:00 C:\WINDOWS\Tasks\At52.job" - C:\WINDOWS\System32\winmds.exe "2008-02-26 03:00:00 C:\WINDOWS\Tasks\At53.job" - C:\WINDOWS\System32\winmds.exe "2008-02-26 04:00:00 C:\WINDOWS\Tasks\At54.job" - C:\WINDOWS\System32\winmds.exe "2007-08-25 15:51:54 C:\WINDOWS\Tasks\At55.job" - C:\WINDOWS\System32\winmds.exe "2008-04-17 05:00:00 C:\WINDOWS\Tasks\At56.job" - C:\WINDOWS\System32\winmds.exe "2008-04-24 06:00:00 C:\WINDOWS\Tasks\At57.job" - C:\WINDOWS\System32\winmds.exe "2008-05-01 07:00:00 C:\WINDOWS\Tasks\At58.job" - C:\WINDOWS\System32\winmds.exe "2008-05-01 08:00:03 C:\WINDOWS\Tasks\At59.job" - C:\WINDOWS\System32\winmds.exe "2008-02-26 04:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-05-01 09:00:00 C:\WINDOWS\Tasks\At60.job" - C:\WINDOWS\System32\winmds.exe "2008-05-01 10:00:01 C:\WINDOWS\Tasks\At61.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 11:00:00 C:\WINDOWS\Tasks\At62.job" - C:\WINDOWS\System32\winmds.exe "2008-05-01 12:00:00 C:\WINDOWS\Tasks\At63.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 13:00:00 C:\WINDOWS\Tasks\At64.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 14:00:00 C:\WINDOWS\Tasks\At65.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 15:00:00 C:\WINDOWS\Tasks\At66.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 16:00:00 C:\WINDOWS\Tasks\At67.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 17:00:00 C:\WINDOWS\Tasks\At68.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 18:00:00 C:\WINDOWS\Tasks\At69.job" - C:\WINDOWS\System32\winmds.exe "2007-06-29 14:42:20 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-30 19:00:00 C:\WINDOWS\Tasks\At70.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 20:00:00 C:\WINDOWS\Tasks\At71.job" - C:\WINDOWS\System32\winmds.exe "2008-04-30 21:00:00 C:\WINDOWS\Tasks\At72.job" - C:\WINDOWS\System32\winmds.exe "2008-04-17 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2008-04-24 06:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\System32\3lk22Hk2.exe "2007-09-22 10:33:30 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1182073967.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2008-04-30 16:04:46 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-01 14:14:22 Windows 5.1.2600 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 103 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe . ************************************************************************** . Voltooingstijd: 2008-05-01 14:21:35 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-01 12:21:25 Pre-Run: 1,385,639,936 bytes beschikbaar Post-Run: 1,459,601,408 bytes beschikbaar 294 En vervolgens nog een logje van HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:27:31, on 1/05/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\dslagent.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\explorer.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?') O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?') O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe -- End of file - 6180 bytes Tot nu toe heb ik geen last meer van popups en dergelijke... Je hebt me echt al heel wat geholpen! Bedankt hiervoor! Ik krijg ook geen foutmeldingen meer dat Internet Explorer moet worden afgesloten, dat was hetgene dat me het meest stoorde.

Ok, ik heb SDFix gerund in veilige modus en dit is het resultaat: SDFix: Version 1.177 Run by pc on do 01/05/2008 at 13:02 Microsoft Windows XP [versie 5.1.2600] Running From: C:\SDFix Checking Services : Name : NtmlSvc Win32Sr Path : %SystemRoot%\System32\svchost.exe -k netsvcs "C:\WINDOWS\win32ssr.exe" NtmlSvc - Deleted Win32Sr - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\SYSTEM32\ERASEM~1.EXE - Deleted C:\WINDOWS\system32\eraseme_04183.exe - Deleted C:\WINDOWS\system32\TFTP1004 - Deleted C:\WINDOWS\system32\TFTP1312 - Deleted C:\WINDOWS\system32\TFTP1328 - Deleted C:\WINDOWS\system32\TFTP1368 - Deleted C:\WINDOWS\system32\TFTP1392 - Deleted C:\WINDOWS\system32\TFTP1436 - Deleted C:\WINDOWS\system32\TFTP1700 - Deleted C:\WINDOWS\system32\TFTP2764 - Deleted C:\WINDOWS\system32\TFTP3208 - Deleted C:\WINDOWS\system32\TFTP4748 - Deleted C:\WINDOWS\system32\TFTP608 - Deleted C:\WINDOWS\system32\TFTP796 - Deleted C:\WINDOWS\system32\remote.ini - Deleted C:\WINDOWS\system32\univrs32.dat - Deleted C:\WINDOWS\system32\v1rg1n - Deleted C:\Documents and Settings\pc\Application Data\wsnpoem\audio.dll - Deleted C:\Documents and Settings\pc\Application Data\wsnpoem\video.dll - Deleted Folder C:\Documents and Settings\pc\Application Data\wsnpoem - Removed Folder C:\Program Files\Helper - Removed Folder C:\WINDOWS\system32\services - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-01 13:16:23 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:61a72517 "s2"=dword:d20faf0f "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:88,fe,4c,f3,f3,f8,52,0a,2c,63,ec,b2,36,d6,c0,78,72,87,d5,b4,4a,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,54,96,b0,30,15,29,82,62,b4,cb,a1,84,28,71,b9,00,3a,.. "khjeh"=hex:f4,1a,6d,69,85,73,d9,9c,3c,03,3e,67,40,02,50,92,d2,95,3e,bc,dd,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:5c,a0,67,34,28,03,f8,8c,a9,eb,0a,13,cd,3d,1d,a3,9a,e3,76,db,0e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:88,fe,4c,f3,f3,f8,52,0a,2c,63,ec,b2,36,d6,c0,78,72,87,d5,b4,4a,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,54,96,b0,30,15,29,82,62,b4,cb,a1,84,28,71,b9,00,3a,.. "khjeh"=hex:f4,1a,6d,69,85,73,d9,9c,3c,03,3e,67,40,02,50,92,d2,95,3e,bc,dd,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:5c,a0,67,34,28,03,f8,8c,a9,eb,0a,13,cd,3d,1d,a3,9a,e3,76,db,0e,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 103 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 19 Sep 2006 743,255 ..SH. --- "C:\WINDOWS\system32\egfhk.bak1" Mon 27 Mar 2006 1,771,008 A..HR --- "C:\WINDOWS\system32\Ghost.exe" Fri 7 Sep 2001 169,984 ..SHR --- "C:\WINDOWS\system32\tempesfile.exe" Sat 4 Mar 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 23 Apr 2007 24,576 ...H. --- "C:\Documents and Settings\pc\Mijn documenten\~WRL0916.tmp" Wed 14 Mar 2007 386,560 ...H. --- "C:\Documents and Settings\pc\Mijn documenten\~WRL3566.tmp" Finished! Dan geeft HJT mij de volgende log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:30:59, on 1/05/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\dslagent.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?') O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?') O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {43331111-1111-1111-1111-611111195622} - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe -- End of file - 5675 bytes Alvast bedankt!

Hallo, Ik heb al enkele dagen last van verscheidene spyware waardoor mijn internet explorer meermaals vastloopt en dat soort dingen. Hiervoor heb ik even een logje gemaakt met HJT. Alvast bedankt voor de hulp! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:13:56, on 1/05/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\dwwin.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\pc\Application Data\ntos.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\System32\bKwflwAC.dll O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\System32\kqpoprkv.dll (file missing) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: (no name) - {C0FA7589-A083-47C8-BFF3-8C3DB32C3E74} - C:\WINDOWS\System32\khfgg.dll (file missing) O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\prolooker.dll (file missing) O2 - BHO: (no name) - {FD0782A5-79D3-4E75-88CD-CD4B6E4B4656} - C:\WINDOWS\System32\opnlm.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [MICROSFT NT SUPPORT] annmnxedfk.EXE O4 - HKLM\..\Run: [AdobeReaderPro] devy2.exe O4 - HKLM\..\Run: [Microsoft Machine Script] iexplorersis.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Microsoft MachineUpdatese] tempes.exe O4 - HKLM\..\Run: [Microsoft Update] scvhosts.exe O4 - HKLM\..\Run: [Windows SP2 MSDTC Hotfix KB54645] ttaxowhg.exe O4 - HKLM\..\Run: [Windows Workstation Service] wkssvc.exe O4 - HKLM\..\Run: [Winsock2 driver] IIXTLMZ.EXE O4 - HKLM\..\Run: [Microsoft Incroporate] htttp.exe O4 - HKLM\..\Run: [Microsoft DLL Verifier] file.exe O4 - HKLM\..\Run: [Microsoft Machinex] omgs.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\auditchk.exe O4 - HKLM\..\RunServices: [MICROSFT NT SUPPORT] annmnxedfk.EXE O4 - HKLM\..\RunServices: [AdobeReaderPro] devy2.exe O4 - HKLM\..\RunServices: [Microsoft Machine Script] iexplorersis.exe O4 - HKLM\..\RunServices: [Microsoft MachineUpdatese] tempes.exe O4 - HKLM\..\RunServices: [Microsoft Update] scvhosts.exe O4 - HKLM\..\RunServices: [Windows SP2 MSDTC Hotfix KB54645] ttaxowhg.exe O4 - HKLM\..\RunServices: [Windows Workstation Service] wkssvc.exe O4 - HKLM\..\RunServices: [Microsoft Incroporate] htttp.exe O4 - HKLM\..\RunServices: [netfilt4] C:\WINDOWS\System32\netfilt4.exe O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] file.exe O4 - HKLM\..\RunServices: [Microsoft Machinex] omgs.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Windows SP2 MSDTC Hotfix KB54645] ttaxowhg.exe O4 - HKCU\..\Run: [Windows Workstation Service] wkssvc.exe O4 - HKCU\..\Run: [netfilt4] C:\WINDOWS\System32\netfilt4.exe O4 - HKCU\..\RunServices: [Windows Workstation Service] wkssvc.exe O4 - HKCU\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\services\explorer.exe O4 - HKCU\..\Policies\Explorer\Run: [2] C:\WINDOWS\System32\services\explorer.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User '?') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [Windows Workstation Service] wkssvc.exe (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [netfilt4] C:\WINDOWS\System32\netfilt4.exe (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\RunServices: [Windows Workstation Service] wkssvc.exe (User '?') O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\services\explorer.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe (User '?') O4 - HKUS\S-1-5-18\..\RunServices: [Windows Workstation Service] wkssvc.exe (User '?') O4 - HKUS\.DEFAULT\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunServices: [Windows Workstation Service] wkssvc.exe (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O15 - Trusted Zone: *.p0rt2.com O16 - DPF: {00000005-0000-0000-0000-100009000004} - http://code.trasferimento.biz/l/6dde39373919bc322c7dcc2498089879_35.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {33331111-1131-1111-1111-611111193428} - O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab O16 - DPF: {43331111-1111-1111-1111-611111195622} - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21 O20 - Winlogon Notify: winecx32 - winecx32.dll (file missing) O21 - SSODL: PagingSYS - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Program Files\Common Files\PagingSYS.dll (file missing) O22 - SharedTaskScheduler: end - {aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe} - (no file) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe (file missing) O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing) O23 - Service: windowsupdate.microsoft.com - Unknown owner - C:\WINDOWS\msnmsngrs.exe (file missing) -- End of file - 10701 bytes