[HJT] Log

M@rc
8 replies
  • A friend of mine has a problem: as long as he has an internet connection, IEXPLORE.exe keeps opening itself endlessly. The result, of course, is that IE crashes and keeps asking to send an error report, and a Runtime Error window also appears. Sometimes a stop error pops up too, but I can't remember the code.

    Ran various anti-spyware programs (including Ad-Aware, Spybot S&D, AVG Anti-Spyware and Windows Defender). Several things were found, but the problem was not solved. Making an HJT log seemed like the last resort to me. I don't see anything strange, but perhaps you can find something?

    Logfile of HijackThis v1.99.1
    Scan saved at 16:31:27, on 2-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\foobar2000\foobar2000.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsex.dll
    O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - C:\WINDOWS\system32\admparsex.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00405} - C:\WINDOWS\system32\fontexte.dll
    O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - C:\WINDOWS\system32\admparsez.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: h618 - C:\WINDOWS\g28351796.dll (file missing)
    O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing)
    O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Sophos AutoUpdate Service - Unknown owner - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)

    Thanks in advance!
  • Let me take a look
  • First of all, uninstall HitmanPro, because it gets in the way of the fix.

    Start HJT again and do a "system scan only". Check the lines below, close all windows except HJT, and then click "Fix checked".

    O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsex.dll
    O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - C:\WINDOWS\system32\admparsex.dll
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - (no file)
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00405} - C:\WINDOWS\system32\fontexte.dll
    O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - C:\WINDOWS\system32\admparsez.dll (file missing)
    O20 - Winlogon Notify: h618 - C:\WINDOWS\g28351796.dll (file missing)
    O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)

    Download win32delfkil.exe.
    Place it on your desktop.
    Close all open windows, because the computer will restart.
    Double-click win32delfkil.exe to start the tool.
    After the reboot, a Notepad file will open.
    Post the contents of this file together with a new HijackThis log.
  • I'll post the new log tomorrow; that's when I'm going over to his place again. Thanks already!
  • Windelf:

    WIN32DELFKIL LOGFILE - by Marckie


    version 3.117
    vr 05-01-2007 12:24:10,60
    running from: "C:\Documents and Settings\Stijn Mulder\Bureaublad"


    — File(s) found in Windows directory —
    g17560000.dll
    g1838390.dll
    g20201859.dll
    g21522218.dll
    g26555796.dll
    g3161171.dll
    g506640.dll
    g5558781.dll
    g6270171.dll
    fontexte.dll
    gc403.cnf
    gc404.cnf
    gc405.cnf
    gsc405.cnf

    — File(s) found in system32 folder —

    — Services —
    service SXServ is present!
    [SWSC] DeleteService SUCCESS

    — Export SharedTaskScheduler key —
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
    "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"
    "{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"
    "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z"
    "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00403}"="z"
    "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}"="z"
    "{25C7CE21-E543-46A9-B4B3-01B845B28A6D}"="Master Browseui"
    "{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}"="Master Browseui"



    — sharedtaskkey (1): A4F94C0C-54A7-4DB1-9AF3-B22E63D00401 —
    no keys found


    — sharedtaskkey (2): 259BA022-2005-45E9-A965-10EDB9C00618 —
    no keys found


    — sharedtaskkey (3): A4F94C0C-54A7-4DB1-9AF3-B22E63D00402 —
    no keys found


    — sharedtaskkey (4): A4F94C0C-54A7-4DB1-9AF3-B22E63D00403 —
    no keys found


    — sharedtaskkey (5): A4F94C0C-54A7-4DB1-9AF3-B22E63D00404 —
    no keys found


    — sharedtaskkey (6): 25C7CE21-E543-46A9-B4B3-01B845B28A6D —
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C7CE21-E543-46A9-B4B3-01B845B28A6D}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C7CE21-E543-46A9-B4B3-01B845B28A6D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\admparsex.dll"
    "ThreadingModel"="Apartment"

    checking for file:
    admparsex.dll found
    admparsex.dll deleted!


    — sharedtaskkey (7): DDEC2387-6435-46B6-AF8C-1075F6EBF08B —
    no keys found

    — Notify key —


    — rebooting the computer —


    — File(s) found in Windows directory —

    — File(s) found in system32 folder —

    — Services —

    — Export SharedTaskSchedulerkey —
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"



    — Notify key —

    Finished!


    Hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:18, on 5-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\Program Files\Eset\nod32kui.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing)
    O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Sophos AutoUpdate Service - Unknown owner - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • Could you please run this fix as well?
    Download Combofix to your desktop.
    Double-click Combofix.exe.
    Follow the instructions; accept the disclaimer by typing "y" or "Y".
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner responds with a message about a script being executed, you can ignore it.
  • Combofix:

    Stijn Mulder - 07-01-05 20:50:20,64 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Program Files\Mozilla Firefox"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 ))))))))))))))))))))))))))))))))))


    2007-01-05 16:31 90,112 –a—— C:\RegDACL.exe
    2007-01-05 16:31 53,248 –a—— C:\Process.exe
    2007-01-05 16:31 42,496 –a—— C:\swreg.exe
    2007-01-05 16:31 40,960 –a—— C:\swsc.exe
    2007-01-05 16:31 4,175 –a—— C:\SMWNCV.cmd
    2007-01-05 16:31 4,096 –a—— C:\REBOOT.EXE
    2007-01-05 16:31 16,384 –a—— C:\restart.exe
    2007-01-05 13:05 <DIR> d——– C:\WINDOWS\system32\ZoneLabs
    2007-01-05 13:04 <DIR> d——– C:\WINDOWS\Internet Logs
    2007-01-05 12:24 90,112 –a—— C:\WINDOWS\system32\regdacl.exe
    2007-01-05 12:24 53,248 –a—— C:\WINDOWS\system32\process.exe
    2007-01-05 12:24 42,496 –a—— C:\WINDOWS\system32\swreg.exe
    2007-01-05 12:24 40,960 –a—— C:\WINDOWS\system32\swsc.exe
    2007-01-05 12:24 4,096 –a—— C:\WINDOWS\system32\reboot.exe
    2007-01-05 12:24 276,358 –a—— C:\win32delfkil.exe
    2007-01-05 12:24 16,384 –a—— C:\WINDOWS\system32\restart.exe
    2007-01-05 12:24 <DIR> d——– C:\WINDOWS\system32\regdacl
    2007-01-05 12:24 <DIR> d——– C:\_backupD
    2007-01-05 12:23 <DIR> d——– C:\Program Files\backups
    2007-01-02 21:25 <DIR> dr-h—– C:\Documents and Settings\Stijn Mulder\Onlangs geopend
    2007-01-02 16:31 218,112 –a—— C:\Program Files\HijackThis.exe
    2007-01-02 16:08 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-01-02 16:08 299,392 –a—— C:\WINDOWS\system32\imon.dll
    2007-01-02 16:08 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-01-02 15:33 13 –a—— C:\taskmen32.pif
    2007-01-02 15:00 80,128 –a—— C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
    2007-01-02 15:00 24,064 –a—— C:\WINDOWS\system32\drivers\savonaccessfilter.sys
    2007-01-02 14:48 3,968 –a—— C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-01-02 13:44 <DIR> d——– C:\Documents and Settings\Stijn Mulder\Application Data\Lavasoft
    2007-01-02 13:35 78,336 –a—— C:\WINDOWS\system32\drivers\ssi.sys
    2007-01-02 13:35 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
    2007-01-02 13:35 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
    2007-01-02 13:35 102,912 –a—— C:\WINDOWS\system32\islzma.dll
    2007-01-02 13:35 <DIR> d——– C:\Documents and Settings\Stijn Mulder\Application Data\Webroot
    2007-01-02 13:35 <DIR> d——– C:\Documents and Settings\Stijn Mulder\Application Data\PC Tools
    2006-12-29 22:58 99 –a—— C:\WINDOWS\ztaskmen32.pif
    2006-12-26 16:33 25 –a—— C:\WINDOWS\taskmen32.pif
    2006-12-13 17:54 <DIR> d——– C:\Program Files\Mozilla Firefox
    2006-12-11 07:33 <DIR> d——– C:\WINDOWS\Start Menu
    2006-12-11 07:33 <DIR> d——– C:\WINDOWS\Application Data


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-05 14:03 ——– d——– C:\Documents and Settings\Stijn Mulder\Application Data\foobar2000
    2007-01-05 12:27 4267 –a—— C:\Program Files\hijackthis.log
    2007-01-02 15:00 ——– d——– C:\Program Files\Common Files
    2007-01-02 14:31 ——– d——– C:\Documents and Settings\Stijn Mulder\Application Data\Google
    2006-12-30 22:53 ——– d——– C:\Program Files\Google
    2006-12-30 19:21 ——– d——– C:\Documents and Settings\Stijn Mulder\Application Data\Xfire
    2006-12-22 20:00 ——– d——– C:\Program Files\Fire Fox
    2006-12-22 17:14 ——– d——– C:\Program Files\Internet Explorer
    2006-12-21 21:34 ——– d–h—– C:\Program Files\InstallShield Installation Information
    2006-12-17 13:12 ——– d——– C:\Program Files\MSN Messenger
    2006-12-13 10:06 ——– d——– C:\Documents and Settings\Stijn Mulder\Application Data\LimeWire
    2006-12-13 09:31 ——– d——– C:\Program Files\Outlook Express
    2006-12-13 09:31 ——– d——– C:\Program Files\Common Files\System
    2006-12-03 19:12 ——– d——– C:\Program Files\foobar2000
    2006-12-03 14:25 ——– d—s—- C:\Documents and Settings\Stijn Mulder\Application Data\Microsoft
    2006-12-02 14:27 ——– d——– C:\Program Files\Windows Media Player
    2006-12-02 14:27 ——– d——– C:\Program Files\Windows Media Connect 2
    2006-11-14 13:50 ——– d——– C:\Program Files\Java
    2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-11-06 18:38 ——– d——– C:\Program Files\ESET
    2006-11-02 23:35 8271872 –a—— C:\WINDOWS\system32\wmploc.dll
    2006-11-02 22:53 99840 –a—— C:\WINDOWS\system32\wmpshell.dll
    2006-11-02 22:52 257536 –a—— C:\WINDOWS\system32\wmerror.dll
    2006-11-02 22:50 7680 –a—— C:\WINDOWS\system32\asferror.dll
    2006-11-02 11:52 42496 ——— C:\WINDOWS\system32\wpdshextres.dll
    2006-10-20 02:39 714752 –a—— C:\WINDOWS\system32\sxs.dll
    2006-10-18 21:58 8704 –a—— C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 21:58 8704 –a—— C:\WINDOWS\system32\uwdf.exe
    2006-10-18 21:47 991744 –a—— C:\WINDOWS\system32\drmv2clt.dll
    2006-10-18 21:47 937984 –a—— C:\WINDOWS\system32\WMNetMgr.dll
    2006-10-18 21:47 767488 ——— C:\WINDOWS\system32\WMVSENCD.dll
    2006-10-18 21:47 757248 –a—— C:\WINDOWS\system32\wmadmod.dll
    2006-10-18 21:47 656896 ——— C:\WINDOWS\system32\WMVXENCD.dll
    2006-10-18 21:47 63488 –a—— C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 21:47 629760 –a—— C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 21:47 613376 ——— C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 21:47 603648 –a—— C:\WINDOWS\system32\WMSPDMOD.dll
    2006-10-18 21:47 542720 –a—— C:\WINDOWS\system32\blackbox.dll
    2006-10-18 21:47 535040 ——— C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 21:47 429056 –a—— C:\WINDOWS\system32\wmdrmdev.dll
    2006-10-18 21:47 414208 –a—— C:\WINDOWS\system32\msscp.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\WMVADVE.DLL
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\WMVADVD.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\MPG4DMOD.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\MP4SDMOD.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\MP43DMOD.dll
    2006-10-18 21:47 37376 –a—— C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 21:47 35840 –a—— C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 21:47 356352 –a—— C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 21:47 348672 –a—— C:\WINDOWS\system32\wmdrmnet.dll
    2006-10-18 21:47 33792 –a—— C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 21:47 321536 –a—— C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 21:47 317440 ——— C:\WINDOWS\system32\MP4SDECD.dll
    2006-10-18 21:47 314880 –a—— C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 21:47 295936 ——— C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 21:47 284160 ——— C:\WINDOWS\system32\PortableDeviceApi.dll
    2006-10-18 21:47 276992 –a—— C:\WINDOWS\system32\audiodev.dll
    2006-10-18 21:47 27136 –a—— C:\WINDOWS\system32\mspmsnsv.dll
    2006-10-18 21:47 2603008 ——— C:\WINDOWS\system32\WpdShext.dll
    2006-10-18 21:47 259072 ——— C:\WINDOWS\system32\MPG4DECD.dll
    2006-10-18 21:47 259072 ——— C:\WINDOWS\system32\MP43DECD.dll
    2006-10-18 21:47 2450944 –a—— C:\WINDOWS\system32\wmvcore.dll
    2006-10-18 21:47 242688 –a—— C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 21:47 229376 –a—— C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 21:47 222208 –a—— C:\WINDOWS\system32\wmasf.dll
    2006-10-18 21:47 212992 ——— C:\WINDOWS\system32\MFPLAT.dll
    2006-10-18 21:47 211456 –a—— C:\WINDOWS\system32\qasf.dll
    2006-10-18 21:47 204288 –a—— C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 21:47 199168 ——— C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    2006-10-18 21:47 179712 –a—— C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 21:47 175616 –a—— C:\WINDOWS\system32\mspmsp.dll
    2006-10-18 21:47 166912 ——— C:\WINDOWS\system32\PortableDeviceTypes.dll
    2006-10-18 21:47 1661440 –a—— C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 21:47 1574912 ——— C:\WINDOWS\system32\WMVENCOD.dll
    2006-10-18 21:47 157184 –a—— C:\WINDOWS\system32\wmidx.dll
    2006-10-18 21:47 154624 –a—— C:\WINDOWS\system32\wpdmtp.dll
    2006-10-18 21:47 1543680 ——— C:\WINDOWS\system32\WMVDECOD.dll
    2006-10-18 21:47 1382912 ——— C:\WINDOWS\system32\WMVSDECD.dll
    2006-10-18 21:47 133632 ——— C:\WINDOWS\system32\WPDShServiceObj.dll
    2006-10-18 21:47 1329152 –a—— C:\WINDOWS\system32\WMSPDMOE.dll
    2006-10-18 21:47 132096 ——— C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    2006-10-18 21:47 130048 ——— C:\WINDOWS\system32\wmpps.dll
    2006-10-18 21:47 11264 –a—— C:\WINDOWS\system32\LAPRXY.dll
    2006-10-18 21:47 1117696 –a—— C:\WINDOWS\system32\WMADMOE.dll
    2006-10-18 21:47 101888 ——— C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    2006-10-18 20:03 100864 –a—— C:\WINDOWS\system32\logagent.exe
    2006-10-18 20:00 249856 ——— C:\WINDOWS\system32\drmupgds.exe
    2006-10-18 20:00 17408 ——— C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-10-13 13:41 65536 –a—— C:\WINDOWS\system32\nwwks.dll
    2006-10-13 13:41 64000 –a—— C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 13:41 144384 –a—— C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "nod32kui"="\"D:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "Windows Defender"="\"D:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "Zone Labs Client"="\"d:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Spyware Doctor"=""
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Spyware Doctor"=""
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Adobe Reader Snelle start.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup"
    "location"="Common Startup"
    "command"="D:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Snelle start"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgas"
    "hkey"="HKLM"
    "command"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ADeck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1 "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"d:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "inimapping"="0"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhdn32

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SAVService

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 07-01-05 20:51:47.70
    C:\ComboFix.txt … 07-01-05 20:51

    HijackThis
    Logfile of HijackThis v1.99.1
    Scan saved at 21:27:16, on 5-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\Program Files\Eset\nod32kui.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing)
    O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Sophos AutoUpdate Service - Unknown owner - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • 1. Move Combofix to your Desktop (this is very important!). <<<<<<<<<

    Go to Start > Run and copy and paste the following into the field:

    "%userprofile%\Bureaublad\Combofix.exe" /v winhdn32

    Then press Enter.
    This will start Combofix.

    When the fix has finished and after the restart, the log combofix.txt will open. Save this log.

    2. In Control Panel > Folder Options, tick "Show hidden files and folders". Then also untick "Hide extensions for known file types". Then click Apply and OK.

    3. Now print the instructions below or copy them to a .txt file, because the rest of the fix takes place in Safe Mode and you will no longer be able to look them up here.

    4. Boot into Safe Mode http://users.telenet.be/marcvn/spyware/1378056.htm

    5. Now start only HijackThis. Click Scan and tick ONLY the lines below, if present.

    O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - (no file)
    O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - (no file)

    O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)

    Close all windows! Then click Fix checked and OK.

    6. Delete the following files, if present:
    C:\WINDOWS\SYSTEM32\winhdn32.dll

    Restart and please post the logs.

    J
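
The lines selected in step 5 of the reply above are HijackThis entries whose registration is still in the registry while the file behind it is gone ("(no file)" / "(file missing)"). As an added example, not part of the original posts and not HijackThis code, this Python parser reads result lines from such a log and lists those orphaned entries per section; the function and field names are assumptions made for illustration, and the sample lines are copied from the log in this thread.

```python
import re

# Lines taken from the HijackThis log posted in this thread, embedded as sample input.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - (no file)
O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing)
"""

ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\s*\((?:no file|file missing)\)\s*$")

def parse_entries(text):
    """Parse 'Xn - ...' result lines; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group("body")
        kind, sep, _ = body.partition(": ")
        clsid = CLSID.search(body)
        orphan = bool(ORPHAN.search(body))
        # For an orphan, the last ' - ' field names the file that is gone.
        missing = ORPHAN.sub("", body.rsplit(" - ", 1)[-1]).strip() if orphan else ""
        entries.append({
            "code": m.group("code"),
            "kind": kind if sep else "",
            "clsid": clsid.group(0) if clsid else None,
            "orphan": orphan,
            "missing_file": missing or None,
            "raw": line.strip(),
        })
    return entries

def orphans(entries, codes=None):
    """Orphaned entries, optionally limited to the given section codes."""
    return [e for e in entries
            if e["orphan"] and (codes is None or e["code"] in codes)]

if __name__ == "__main__":
    for e in orphans(parse_entries(SAMPLE_LOG), codes={"O2", "O20"}):
        print(e["code"], e["kind"], e["clsid"] or e["missing_file"])
```

An orphan marker only says the file is absent, not what the entry was: the reply in this thread ticks the O2 and O20 orphans and leaves the O23 Sophos services alone, which is why the filter takes the section codes as a parameter.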
