Generic2

16 replies
  • Hello,

    after a scan with AVG we get the message that we have the Generic2.IFU trojan. But AVG itself cannot do anything about it. I think this PC has a few more little problems, but for now this is the most annoying one. Would someone be willing to look at our log? Thanks very much in advance!

    Logfile of HijackThis v1.99.1
    Scan saved at 17:04:33, on 2/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\locator.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\soft602\pdfSaver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\MFP Server Utilities\ServoAp.exe
    C:\Program Files\MFP Server Utilities\MFPAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Wireless LAN Utility\SISCFG.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Documents and Settings\freya\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\jmbwtktr.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7DB97675-2E07-468A-88B3-C5F381CC5896} - C:\WINDOWS\AppPatch\piofnt.dll
    O2 - BHO: (no name) - {918F8FC9-3671-4DFE-B780-CECE0FF92C22} - C:\WINDOWS\system32\osrmgnjj.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\yqfrgvhl.dll",realset
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/91c8ce91274ff3151f4b4cfacf48150c_35.exe
    O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/axload.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
    O16 - DPF: {16A7470E-229C-45F9-AE05-A87034FD14CF} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.2.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.thedownload.biz/on_the_fly_web_install/Install.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8B936702-C234-40D0-B69C-A2F669A33978} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_7_EN_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
    O20 - Winlogon Notify: piofnt - C:\WINDOWS\AppPatch\piofnt.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winisd32 - winisd32.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe


  • Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and uninstall the following program:
    SpywareStormer


    Install hijackthis.exe in, for example, C:\Program Files\Hijackthis
    This is because of the backups that this program makes.

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions, accept the disclaimer by typing 1 (continue).
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: if your virus scanner responds with a message about a script being executed, you may ignore it.


    Download Brute Force Uninstaller.
    Unzip the program into C:\BFU

    Right-click HERE and choose "Save As .."
    Save this in C:\BFU as well

    Start the computer in SAFE MODE: http://users.telenet.be/marcvn/spyware/1378056.htm

    Start the program BFU.exe
    In the input field, enter the following
    C:\BFU\EGDACCESS.bfu
    Then click Execute and wait until the program has finished.

    Then click OK and click Exit to close the program.
    Restart the computer in normal mode and post the contents of C:\egd.txt.
    (We are looking for a "random startup"="random.exe -start" that EGDACCESS_????.DLL keeps hidden in hijackthis.
    The random.exe must be stopped first before it can be removed from the registry.)


    Start Hijackthis and choose 'Do a system scan only'
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: (no name) - {7DB97675-2E07-468A-88B3-C5F381CC5896} - C:\WINDOWS\AppPatch\piofnt.dll
    O2 - BHO: (no name) - {918F8FC9-3671-4DFE-B780-CECE0FF92C22} - C:\WINDOWS\system32\osrmgnjj.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/91c8ce91274ff3151f4b4cfacf48150c_35.exe
    O16 - DPF: {16A7470E-229C-45F9-AE05-A87034FD14CF} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.2.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.thedownload.biz/on_the_fly_web_install/Install.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {8B936702-C234-40D0-B69C-A2F669A33978} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_7_EN_XP.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
    O20 - Winlogon Notify: piofnt - C:\WINDOWS\AppPatch\piofnt.dll
    O20 - Winlogon Notify: winisd32 - winisd32.dll (file missing)

    Close all windows except Hijackthis
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following files:
    C:\WINDOWS\AppPatch\piofnt.dll
    C:\WINDOWS\system32\osrmgnjj.dll

    Please post the results of the fixes and a new HJT log.
  • Thank you very much already for the help. I've been busy with it for a while :)

    I did not find the program SpywareStormer in the list of installed software.

    Combofix result:

    "freya" - 2007-07-02 20:01:00 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\nnopqn.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\cowabanga
    C:\Program Files\cowabanga\License.txt
    C:\Program Files\instant access
    C:\Program Files\instant access\Center\neosexvideo.upd
    C:\Program Files\instant access\Center\tray1.ico
    C:\WINDOWS\regedit.com


    ((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


    2007-07-02 19:23 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-30 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-16 16:13 62,516 --a------ C:\WINDOWS\system32\jmbwtktr.dll
    2007-06-16 16:13 124,436 --a------ C:\WINDOWS\system32\yqfrgvhl.dll
    2007-06-10 16:22 58,420 --a------ C:\WINDOWS\system32\lmerxwoh.dll
    2007-06-10 16:22 2,580 --a------ C:\WINDOWS\system32\jfyflkxn.exe
    2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-30 14:34:41 -------- d-----w C:\Program Files\Google
    2007-06-30 14:31:03 -------- d-----w C:\Program Files\VSToolbar
    2007-06-30 13:50:35 -------- d-----w C:\Program Files\Lavasoft
    2007-06-30 13:48:44 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-30 13:35:18 -------- d-----w C:\Program Files\E-risk Calculator
    2007-05-17 08:28:12 54,866 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-17 08:28:12 367,854 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-17 08:26:59 49,204 ----a-w C:\WINDOWS\system32\begsxlmw.dll
    2007-05-17 08:26:50 131,604 ----a-w C:\WINDOWS\system32\osrmgnjj.dll
    2007-05-16 15:19:43 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:22:52 144,896 ------w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2006-11-11 10:19:39 712,724 --sh--w C:\WINDOWS\AppPatch\piofnt.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [2005-12-09 17:22]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
    {7DB97675-2E07-468A-88B3-C5F381CC5896}=C:\WINDOWS\AppPatch\piofnt.dll [2006-11-11 12:19]
    {918F8FC9-3671-4DFE-B780-CECE0FF92C22}=C:\WINDOWS\system32\osrmgnjj.dll [2007-05-17 10:26]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 18:42]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [2006-01-06 17:47]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll [2006-01-17 17:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-03 01:00 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00]
    "SoundMan"="SOUNDMAN.EXE" [2002-11-19 01:00 C:\WINDOWS\SOUNDMAN.EXE]
    "602PC SUITE PDF Saver"="C:\Program Files\Common Files\soft602\pdfSaver.exe" [2005-08-31 16:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-06 16:46]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-09-20 04:34]
    "RegistryMechanic"="" []
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19]
    "Server Application for MFP Server"="C:\Program Files\MFP Server Utilities\ServoAp.exe" [2006-04-17 12:02]
    "MFP Server Agent"="C:\Program Files\MFP Server Utilities\MFPAgent.exe" [2006-06-15 14:48]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-01 14:40]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 20:04]
    "2fa714cb.exe"="C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\piofnt]
    C:\WINDOWS\AppPatch\piofnt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winisd32]
    winisd32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
    rundll32.exe p2esocks_1026.dll,InstantAccess

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
    "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SO5 Integrator Pass Two]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Soap Pro]


    Contents of the 'Scheduled Tasks' folder
    2006-09-28 01:00:00 C:\WINDOWS\tasks\RegCure.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-02 20:08:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-02 20:10:58 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-07-02 20:10

    --- E O F ---



    I was able to run the BFU program, but I can't find C:/egd.txt :(

    Fixing with HJT worked, and I was also able to delete the files you indicated.

    Here is a new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:53:21, on 2/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\locator.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\soft602\pdfSaver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\MFP Server Utilities\ServoAp.exe
    C:\Program Files\MFP Server Utilities\MFPAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Wireless LAN Utility\SISCFG.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\freya\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/axload.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
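
One way to check the outcome of the 'Fix checked' step is to compare the HijackThis log taken before the fix with the one taken after it. The following is an added example, not part of the original thread: the function names are illustrative, and the sample lines are a small subset copied from the two logs and the fix list posted above.

```python
import re

# HijackThis entry lines start with a section code such as R0, O2, O4, O16, O20 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a normalised key -> original line for every coded entry in a log.

    Header lines and the 'Running processes' list carry no section code and are
    skipped. Keys are case-folded with whitespace collapsed, because Windows
    paths are case-insensitive and the same file can be logged with different
    casing (SYSTEM32 vs system32).
    """
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        if ENTRY_RE.match(line):
            entries[line.casefold()] = line
    return entries


def compare_logs(before_text, after_text, selected_text):
    """Classify entries by what happened between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    selected = parse_entries(selected_text)
    return {
        # Selected for fixing and no longer reported.
        "fixed": sorted(before[k] for k in selected if k in before and k not in after),
        # Selected for fixing but still reported: the fix did not stick.
        "still_present": sorted(after[k] for k in selected if k in after),
        # In the fix list but never in the first log (copy/paste slip).
        "not_in_before": sorted(selected[k] for k in selected if k not in before),
        # Disappeared although nobody selected them (removed by another tool).
        "gone_unselected": sorted(
            before[k] for k in before if k not in after and k not in selected
        ),
        # Appeared after the fix: worth a second look.
        "new": sorted(after[k] for k in after if k not in before),
    }


# Subset of the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\jmbwtktr.dll
O2 - BHO: (no name) - {7DB97675-2E07-468A-88B3-C5F381CC5896} - C:\WINDOWS\AppPatch\piofnt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\yqfrgvhl.dll",realset
O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe
O20 - Winlogon Notify: piofnt - C:\WINDOWS\AppPatch\piofnt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The same entries as they appear (or no longer appear) in the second log.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Subset of the items the helper asked to select before 'Fix checked'.
SELECTED = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: (no name) - {7DB97675-2E07-468A-88B3-C5F381CC5896} - C:\WINDOWS\AppPatch\piofnt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: piofnt - C:\WINDOWS\AppPatch\piofnt.dll
"""

if __name__ == "__main__":
    for category, lines in compare_logs(BEFORE, AFTER, SELECTED).items():
        print(f"{category}: {len(lines)}")
        for line in lines:
            print("   ", line)
```
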








  • OK, no problem,

    Follow the steps below,
    1 )
    Open Notepad, copy and paste the following (bold, blue text) into an empty window:
  • Thanks for the quick reply!

    The only file I did not find, and therefore could not delete, is the following:

    C:/Documents and Settings/freya/Local Settings/application Data/2fa714cb.exe

    For the rest:

    combofix log:

    "freya" - 2007-07-02 21:44:28 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\freya\Bureaublad\ComboFix-Do.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\begsxlmw.dll
    C:\WINDOWS\system32\jfyflkxn.exe
    C:\WINDOWS\system32\jmbwtktr.dll
    C:\WINDOWS\system32\lmerxwoh.dll
    C:\WINDOWS\system32\yqfrgvhl.dll


    ((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


    2007-07-02 20:14 <DIR> d-------- C:\BFU
    2007-07-02 19:23 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-30 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-30 14:34:41 -------- d-----w C:\Program Files\Google
    2007-06-30 14:31:03 -------- d-----w C:\Program Files\VSToolbar
    2007-06-30 13:50:35 -------- d-----w C:\Program Files\Lavasoft
    2007-06-30 13:48:44 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-30 13:35:18 -------- d-----w C:\Program Files\E-risk Calculator
    2007-05-17 08:28:12 54,866 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-17 08:28:12 367,854 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-05-16 15:19:43 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:22:52 144,896 ------w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [2005-12-09 17:22]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 18:42]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [2006-01-06 17:47]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll [2006-01-17 17:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-03 01:00 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 22:00]
    "SoundMan"="SOUNDMAN.EXE" [2002-11-19 01:00 C:\WINDOWS\SOUNDMAN.EXE]
    "602PC SUITE PDF Saver"="C:\Program Files\Common Files\soft602\pdfSaver.exe" [2005-08-31 16:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-06 16:46]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-09-20 04:34]
    "RegistryMechanic"="" []
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19]
    "Server Application for MFP Server"="C:\Program Files\MFP Server Utilities\ServoAp.exe" [2006-04-17 12:02]
    "MFP Server Agent"="C:\Program Files\MFP Server Utilities\MFPAgent.exe" [2006-06-15 14:48]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-01 14:40]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 20:04]
    "2fa714cb.exe"="C:\Documents and Settings\freya\Local Settings\Application Data\2fa714cb.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
    rundll32.exe p2esocks_1026.dll,InstantAccess

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
    "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SO5 Integrator Pass Two]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Soap Pro]


    Contents of the 'Scheduled Tasks' folder
    2006-09-28 01:00:00 C:\WINDOWS\tasks\RegCure.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-02 21:52:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-02 21:55:18 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-07-02 21:54
    C:\ComboFix2.txt … 2007-07-02 20:10

    --- E O F ---


    Contents of C:/RVAXO-results.log:
    ----------------RemoveVideoActiveXObject.exe first run-------------

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:



    and finally a new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:12:12, on 2/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\locator.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\soft602\pdfSaver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\MFP Server Utilities\ServoAp.exe
    C:\Program Files\MFP Server Utilities\MFPAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Wireless LAN Utility\SISCFG.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\freya\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe




  • Hello,

    The last step did not work :( :( About halfway through the (second) scan the PC (laptop) keeps shutting down. I do have the new version of Java, and ATF Cleaner also worked. So unfortunately I can only post a new HJT log. Would you take another look at it? Thanks.



    Logfile of HijackThis v1.99.1
    Scan saved at 16:19:38, on 3/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\soft602\pdfSaver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\MFP Server Utilities\ServoAp.exe
    C:\Program Files\MFP Server Utilities\MFPAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Wireless LAN Utility\SISCFG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\freya\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe


  • Download and install
    - Scroll down a little, click "download now" and save the program.
    - Click "Uitvoeren" (Run) twice and select a language.
    - Go through a few windows and click "Installeren" (Install).
    - If it does not happen automatically, click "updates".
    - Select "Scanner" at the top of the screen and then select "Settings".
    - Once in the Settings section, click "Recommended actions" and then "Quarantine".
    - Close Ewido. Do not let it scan yet.

    Now start your computer in SAFE mode: http://users.telenet.be/marcvn/spyware/1378056.htm

    Start AVG Anti-Spyware (there is an icon on your desktop):
    - Click "Scanner".
    - Click "Complete System Scan".
    - Let the program scan your PC; this can take a while.
    - If infected files are found, click "Apply all actions". After that you will see a "Save report" button.
    - Click "Save Report".
    - Then click "Save Report as" and save the report to your desktop.
    - Close AVG Anti-Spyware and restart the computer in normal mode.

    Post the log together with a new HijackThis log.
  • Hi,

    This time everything went without problems :D

    Here is the report from the AVG Anti-Spyware scan:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:32:47 3/07/2007

    + Scan result:



    C:\System Volume Information\_restore{2DB81701-537E-4F3C-AD95-BC1F53AABD06}\RP837\A0467977.dll -> Adware.BHO : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_2711 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_2941 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_1098 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_1346 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_2559 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3\Seqn_1969 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3\Seqn_2578 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2869 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2873 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2899 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2918 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3678 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_2961 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_2711 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_2941 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_1098 -> Adware.Cydoor : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2904983955-4042056321-2513454025-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2DB81701-537E-4F3C-AD95-BC1F53AABD06}\RP836\A0464687.dll -> Adware.Searchcolor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\hxettshc.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\piibxsxu.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\tncaafqx.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2 -> Dialer.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2.1 -> Dialer.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\EGCOMSERVICE2.EGComSvc2\CLSID -> Dialer.Generic : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2DB81701-537E-4F3C-AD95-BC1F53AABD06}\RP837\A0467877.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\qnbdthxu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
    C:\Documents and Settings\freya\Cookies\freya@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\freya\Cookies\freya@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\freya\Cookies\freya@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\freya\Cookies\freya@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
    C:\Documents and Settings\freya\Cookies\freya@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
    C:\QooBox\Quarantine\catchme2007-07-02_215229.63.zip/jfyflkxn.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).


    ::Report end

    And here is a new HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 21:44:11, on 3/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\soft602\pdfSaver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\MFP Server Utilities\ServoAp.exe
    C:\Program Files\MFP Server Utilities\MFPAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Wireless LAN Utility\SISCFG.exe
    C:\Documents and Settings\freya\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe


  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
    O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab

    Click 'Fix checked' to remove the items.

    Restart and tell me how things are going now.
  • Hello,

    I have not had any more alerts and everything is running well. Except for restarting, which takes a very long time. Shutting down the PC in particular takes quite a while. I also had a few more questions. Which of the programs I used can I throw off the PC again? And I am a computer administrator on this PC (but not the Administrator); have the problems then also been solved for the other users of the PC? Thank you very much in advance for all the help!
  • To be completely sure of that, I would need to see an HJT log "from every user account".

    Tired of staring at the little blue bar during startup?
    Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters
    Edit the value "EnablePrefetcher" here.
    Enter value 2 to speed up startup.
    Enter value 3 to make programs faster as well.
    Value 0 of course means switching off the computer, and value 1 only speeds up the starting of programs.
    I do not recommend this change if you have a computer with a processor slower than 1 GHz or less than 512 MB of RAM.

    Make the Start menu open faster!
    Go to HKEY_CURRENT_USER\Control Panel\Desktop
    Edit the value of "MenuShowDelay" (string value) here.
    Enter a value between 0 and 400.
    The value 0 is not really practical.
    A value between 100 and 200 works better, and you can even experiment with it.

    Make Windows shut down faster!
    Normally Windows waits at shutdown until all processes have stopped before it actually shuts down; you can easily change this.
    Go to WaitToKillServiceTimeout in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
    Enter a lower value here, e.g. 2000.

    Now go to HKEY_CURRENT_USER\Control Panel\Desktop
    Now change the string value WaitToKillAppTimeout here to 4000.

    Make sure fewer services run when your computer starts. Go to Start, Run and type services.msc in the window; an overview of all enabled services now appears. Click an enabled service, go to its properties and then to the General tab. Here you can choose an option under startup type, e.g. start automatically, manually, or disable a service entirely. So choose to disable the service entirely; only disable services such as Fax or Smartcard if you do not use them.
  • Hello,

    Sorry that I am only answering now, but we had internet problems after a power cut. I have not yet carried out the steps to make the PC shut down and start up faster. I also cannot make an HJT log under every user name, because I do not have all the passwords and they are travelling. But I do have the HJT log from one account. Would you mind checking that one as well?

    Thank you very much!

    Logfile of HijackThis v1.99.1
    Scan saved at 13:56:22, on 8/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\locator.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\soft602\pdfSaver.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\MFP Server Utilities\ServoAp.exe
    C:\Program Files\MFP Server Utilities\MFPAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Wireless LAN Utility\SISCFG.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Documents and Settings\ellen_thijs\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Server Application for MFP Server] "C:\Program Files\MFP Server Utilities\ServoAp.exe"
    O4 - HKLM\..\Run: [MFP Server Agent] "C:\Program Files\MFP Server Utilities\MFPAgent.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\ellen_thijs\Local Settings\Application Data\2fa714cb.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Unknown owner - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
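
Added example, not part of the original thread: a small Python parser that splits HijackThis entry lines by section code and diffs two logs, which is the comparison a helper makes by eye between the 3/07 and 8/07 logs. The sample input is a handful of entry lines copied from those two logs; the function names and the user/machine classification rule (HKCU and "Startup:" entries belong to the logged-on account) are assumptions of this example. Because the two logs were taken under different accounts, only the machine-wide differences say anything about the fix itself.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code scope text")

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")

# Constructed sample input: a few entry lines copied from the 3/07 log in this thread.
LOG_3_JULY = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1026_EN_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1054_pack_XP.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed sample input: the matching lines from the 8/07 log (other account).
LOG_8_JULY = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [2fa714cb.exe] C:\Documents and Settings\ellen_thijs\Local Settings\Application Data\2fa714cb.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def scope_of(body):
    """Assumed rule: HKCU values and the personal Startup folder are per-account."""
    if body.startswith("HKCU\\") or body.startswith("Startup:"):
        return "user"
    return "machine"


def parse_log(text):
    """Return the entry lines of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            code, body = match.groups()
            entries.append(Entry(code, scope_of(body), body))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries, each in original log order."""
    old = {(e.code, e.text): e for e in parse_log(before)}
    new = {(e.code, e.text): e for e in parse_log(after)}
    removed = [e for key, e in old.items() if key not in new]
    added = [e for key, e in new.items() if key not in old]
    return removed, added


def report(before, after):
    """One line per change: change type, scope, section code, entry body."""
    removed, added = diff_logs(before, after)
    lines = []
    for label, entries in (("removed", removed), ("added", added)):
        for e in entries:
            lines.append(f"{label:8}{e.scope:8}{e.code:4}{e.text}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(LOG_3_JULY, LOG_8_JULY)))
```

Every "user" line in the output reflects the other account's own settings, so each account still needs its own log before its per-user entries can be judged.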


  • Nothing wrong with it, I'd say.
  • Hello,

    I think all the problems with the PC have been solved. I want to thank you very much once again. I think it is fantastic that people give up their free time to help others with computer problems. And the patience you all have, really great! Thank you very, very much!!
  • To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning off System Restore.

    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick the box for "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore is turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Untick the box for "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

    Here are a few more tips.

    Thanks for your kind words.

This is an archived page. Replies are no longer possible.