rightonadz

Anonymous
pimvandenderen
25 answers
  • Hello everyone, a screen keeps popping up that starts with rightonadz. A virus scan doesn't help. How do I get rid of it?
    Thanks in advance, Leen
  • Look up the name of the program and remove it!
    Usually it can be found under Software,
    and otherwise under Program Files in Explorer. It's just adware.
  • Thanks for your quick reply; if only it were that easy. Nothing is listed there.
  • Download Hijackthis-setup to your Desktop.

    Open HJTInstall and choose the location where you want to install Hijackthis.
    Then press Install; after a few seconds Hijackthis will open automatically.
    Now choose 'Do a system scan and save a logfile'.
    A Notepad file with a logfile will open. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post.

    Good luck! 8)

    Pim
  • I hope I did it right:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:27:47, on 25-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NU.nl Nieuwslezer\nunwslzr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 7080 bytes



  • Oh yes, I disabled gzmrotate at startup!!!!
  • That went fine! :)

    Start Hijackthis, choose 'Do a system scan only' and tick the lines below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    Now close all open windows except Hijackthis and click Fix Checked.

    Download: RVAXO.exe
    - Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    - Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
    - A small cmd window will open, in which a few lines about files that were not found will quickly scroll by; this is normal.
    - An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    - After that your PC will restart; after the restart the RVAXO cmd window opens again.
    - Let it run and wait until a logfile opens: C:\RVAXO-results.log
    - If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    - Post the contents of the logfile in your next post.

    Now post the RVAXO log and a fresh Hijackthis log in your next post.

    Pim :)
  • —————-RVAXO.exe first run————-

    Files found:

    C:\WINDOWS\system32\rightonadz-uninst.exe
    C:\WINDOWS\system32\adssite-remove.exe

    Uninstallers Rogue scanners:


    Folders Found:


    Hosts-file was reset, If you use a custom hosts file please replace it…

    ————–RVAXO.exe last run—————

    Files found:

    Folders Found:

    ————–RVAXO.exe finished—————-
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:58:02, on 25-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 6250 bytes
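
Added example, not part of the original thread: Python that parses HijackThis entry lines in the format posted above, flags orphaned entries ("(no file)", "(file missing)", empty R values) as candidates for review, and compares the lines ticked for Fix Checked against the fresh log to see which were actually removed. The function names are hypothetical; the sample data are excerpts copied from the logs in this thread.

```python
import re

# HijackThis entry lines have the form "<section code> - <description>",
# e.g. "O2 - BHO: ...". Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return (code, body) for every entry line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries

def review_candidates(log_text):
    """Flag entries whose target is absent or whose value is empty.

    These are candidates for a human to look at, not an automatic fix list:
    the helper in the thread left some flagged lines alone and also ticked
    one line (the O4 MSConfig entry) that carries none of these markers.
    """
    flagged = []
    for code, body in parse_entries(log_text):
        if body.endswith("(no file)"):
            flagged.append((code, "no file registered", body))
        elif body.endswith("(file missing)"):
            flagged.append((code, "file missing on disk", body))
        elif code.startswith("R") and body.endswith("="):
            flagged.append((code, "empty value", body))
    return flagged

def verify_fix(checked_text, fresh_log):
    """Split the ticked lines into those gone from, and those still in, the fresh log."""
    fresh = set(parse_entries(fresh_log))
    removed, remaining = [], []
    for entry in parse_entries(checked_text):
        (remaining if entry in fresh else removed).append(entry)
    return removed, remaining

# Excerpt of the first log in the thread (17:27:47).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

# The six lines the helper asked to tick before clicking Fix Checked.
CHECKED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
"""

# Excerpt of the fresh log posted after the fix (17:58:02).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

if __name__ == "__main__":
    for code, reason, body in review_candidates(BEFORE):
        print(f"review  {code:<3} {reason:<22} {body}")
    removed, remaining = verify_fix(CHECKED, AFTER)
    print(f"{len(removed)} ticked line(s) gone from the fresh log")
    for code, body in remaining:
        print(f"still present: {code} - {body}")
```
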


  • Download Combofix to your desktop.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a notification from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    In your next reply, post the Combofix log together with a fresh Hijackthis log.

    Good luck!

    Pim
  • ComboFix 07-11-19.3 - Windows 2007-11-25 22:11:15.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.209 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Windows\Application Data\inst.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))
    .

    2007-11-25 17:54 <DIR> d——– C:\RVAXO
    2007-11-25 17:47 467,087 –a—— C:\WINDOWS\system32\RVAXO.bat
    2007-11-25 17:47 69,632 –a—— C:\WINDOWS\system32\remove.exe
    2007-11-25 14:47 <DIR> d——– C:\Program Files\SUPERAntiSpyware
    2007-11-25 14:47 <DIR> d——– C:\Documents and Settings\Windows\Application Data\SUPERAntiSpyware.com
    2007-11-25 14:47 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-25 14:22 <DIR> d——– C:\Program Files\XoftSpySE
    2007-11-25 14:05 <DIR> d——– C:\Program Files\Trend Micro
    2007-11-25 01:12 <DIR> d——– C:\Documents and Settings\Windows\Application Data\Comodo
    2007-11-25 01:12 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Comodo
    2007-11-25 01:08 <DIR> d——– C:\Program Files\Comodo
    2007-11-23 18:37 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\SurfRight
    2007-11-22 20:20 <DIR> d——– C:\Program Files\SurfRight
    2007-11-22 20:20 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-11-22 19:48 <DIR> d——– C:\Program Files\Wondershare
    2007-11-20 20:31 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-18 20:05 <DIR> d——– C:\Program Files\TKexeKalender
    2007-11-18 20:05 299,008 –a—— C:\WINDOWS\Uninstall_tkexe.exe
    2007-11-16 21:16 <DIR> d——– C:\Program Files\Pointstone
    2007-11-15 21:02 <DIR> d——– C:\Program Files\Hyves Kwekker
    2007-11-14 23:52 <DIR> d——– C:\Program Files\Photomatix
    2007-11-14 20:19 <DIR> d——– C:\Program Files\QRPhotoDVDSlideshow
    2007-11-14 20:19 <DIR> d——– C:\Documents and Settings\Windows\Application Data\Vso
    2007-11-14 20:19 47,360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-11-14 20:19 47,360 –a—— C:\Documents and Settings\Windows\Application Data\pcouffin.sys
    2007-11-10 19:44 <DIR> d——– C:\Program Files\Zards software
    2007-11-03 12:10 <DIR> d——– C:\WINDOWS\Solar System - Earth 3D
    2007-11-03 12:10 16,542,720 –a—— C:\WINDOWS\Solar System - Earth 3D Screensaver.exe
    2007-11-03 12:10 294,912 –a—— C:\WINDOWS\Solar System - Earth 3D Screensaver.scr
    2007-10-31 20:40 <DIR> d——– C:\WINDOWS\MetaCreations
    2007-10-31 20:39 <DIR> d——– C:\Program Files\SuperGOO
    2007-10-31 20:39 302,592 –a—— C:\WINDOWS\unin0407.exe
    2007-10-29 16:36 <DIR> d——– C:\Program Files\Common Files\Ankiro
    2007-10-29 16:35 <DIR> d——– C:\Program Files\SPAMfighter
    2007-10-29 16:35 <DIR> d——– C:\Program Files\Common Files\Application
    2007-10-27 09:04 <DIR> d——– C:\Program Files\MOJOSOFT
    2007-10-27 09:04 <DIR> d——– C:\Documents and Settings\Windows\Application Data\mojosoft
    2007-10-26 09:44 <DIR> d——– C:\Program Files\Give Away Of The Day
    2007-10-26 09:44 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-26 09:44 84,736 –a—— C:\WINDOWS\system32\drivers\StarPortLite.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-25 20:00 ——— d—–w C:\Documents and Settings\Windows\Application Data\Skype
    2007-11-25 19:12 ——— d—–w C:\Documents and Settings\Windows\Application Data\AVG7
    2007-11-25 16:57 ——— d—–w C:\Program Files\Hitman Pro
    2007-11-25 13:46 ——— d—–w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-22 22:45 ——— d—–w C:\Program Files\Spyware Doctor
    2007-11-22 22:31 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-22 19:31 ——— d—–w C:\Program Files\SpywareBlaster
    2007-11-19 18:02 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-29 22:54 ——— d—–w C:\Program Files\IrfanView
    2007-10-24 18:40 ——— d—–w C:\Program Files\FeedReader30
    2007-10-21 18:05 ——— d—–w C:\Documents and Settings\Windows\Application Data\Uniblue
    2007-10-21 16:11 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-10-21 16:11 ——— d—–w C:\Program Files\Reallusion
    2007-10-21 16:11 ——— d—–w C:\Documents and Settings\Windows\Application Data\InstallShield
    2007-10-18 19:23 ——— d—–w C:\Program Files\2nd Speech Center
    2007-10-15 18:46 27,648 —-a-w C:\WINDOWS\instearth.exe
    2007-10-07 18:12 ——— d—–w C:\Program Files\Astro Gemini Software
    2007-10-03 18:48 ——— d—–w C:\Documents and Settings\Windows\Application Data\Feedreader
    2007-09-29 18:29 ——— d—–w C:\Documents and Settings\Windows\Application Data\Eltima Software
    2007-09-29 18:28 ——— d—–w C:\Program Files\Advanced Registry Doctor
    2007-09-29 18:26 ——— d—–w C:\Program Files\Skype Recorder
    2007-09-29 18:23 ——— d—–w C:\Program Files\Kiyut
    2007-09-29 17:52 ——— d—–w C:\Documents and Settings\Windows\Application Data\.citra
    2007-09-26 11:06 ——— d—–w C:\Program Files\ASTRA32
    2007-09-20 12:43 253,952 —-a-w C:\WINDOWS\system32\Photomatix25Lib2.dll
    2007-09-17 15:02 266,240 —-a-w C:\WINDOWS\system32\Photomatix25Lib.dll
    2007-09-06 04:35 95,525 —-a-w C:\WINDOWS\system32\Photomatix25Lib3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:25]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2004-12-26 12:10]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:25]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NU.nl Nieuwslezer.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NU.nl Nieuwslezer.lnk
    backup=C:\WINDOWS\pss\NU.nl Nieuwslezer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Windows^Menu Start^Programma's^Opstarten^Webshots.lnk]
    path=C:\Documents and Settings\Windows\Menu Start\Programma's\Opstarten\Webshots.lnk
    backup=C:\WINDOWS\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 01:03 15360 –a—— C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
    C:\Program Files\FeedReader30\feedreader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
    C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2001-12-12 01:40 196608 –a—— C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
    2006-07-13 06:21 57344 –a—— C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 –a—— C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\WINDOWS\system32\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 20:24 32768 –a—— C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype Recorder]
    C:\Program Files\Skype Recorder\Skype Recorder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
    C:\Program Files\SPAMfighter\SFAgent.exe update delay 60

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-07-12 03:00 132496 –a—— C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-06-16 20:30 68856 –a—— C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys
    R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
    S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
    S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
    S2 ZLZXPWMN;ZLZXPWMN;\??\C:\WINDOWS\system32\zlzxpwmn.jbv
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ac35b5e-92ea-11dc-a59f-000c763b201f}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-25 20:26:00 C:\WINDOWS\Tasks\dfrg.job"
    - C:\WINDOWS\system32\dfrg.msc
    "2007-11-20 18:55:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2007-10-21 17:55:44 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-25 22:13:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-11-25 22:14:58
    .
    — E O F —





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:19:01, on 25-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 6217 bytes




  • Go to the Jotti website: http://virusscan.jotti.org/
    In the 'File to upload & scan' field, paste the following:
    C:\WINDOWS\system32\zlzxpwmn.jbv

    Then click Submit and post the result in your next post.

    Repeat this for:
    C:\WINDOWS\system32\drivers\ctredrv.sys

    Pim :)
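
Added example, not part of the original thread: the two files Pim asks to have scanned appear in the driver/service list of the ComboFix log above, and this Python code parses those lines and flags entries worth a second-opinion scan. Reading `R`/`S` as running/stopped and the digit as the start type, and both flagging heuristics, are assumptions of this example, not Pim's stated criteria.

```python
import ntpath
import re

# Driver/service lines copied verbatim from the ComboFix log in this thread.
SAMPLE = r"""
R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
S2 ZLZXPWMN;ZLZXPWMN;\??\C:\WINDOWS\system32\zlzxpwmn.jbv
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
"""

# Assumed legend: first letter R = running, S = stopped; digit = start type.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
LINE_RE = re.compile(r"^([RS])([0-4])\s+(.+)$")
# Assumption of this example: image types normally expected for a service/driver.
EXPECTED_EXT = {".sys", ".exe", ".dll"}


def parse_line(line):
    """Parse '<R|S><start> name;display;image path'; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(3).count(";") < 2:
        return None
    # The display name may itself contain ';' (see camvid20), so take the
    # service name from the left and the image path from the right.
    name, rest = m.group(3).split(";", 1)
    display, path = rest.rsplit(";", 1)
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):  # NT object-manager prefix
        path = path[4:]
    return {
        "running": m.group(1) == "R",
        "start": START_TYPES[int(m.group(2))],
        "name": name.strip(),
        "display": display.strip(),
        "path": path,
    }


def flags_for(entry):
    """Return the heuristic flags (possibly none) for one parsed entry."""
    flags = []
    # Configured to load at boot/system/automatic start, yet not running.
    if not entry["running"] and entry["start"] in ("boot", "system", "automatic"):
        flags.append("autostart_but_stopped")
    # Image file with an extension a service or driver would not normally have.
    if ntpath.splitext(entry["path"])[1].lower() not in EXPECTED_EXT:
        flags.append("unexpected_extension")
    return flags


def triage(log_text):
    """Return the parsed entries that carry at least one flag, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            flagged.append({**entry, "flags": flags})
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f'{e["name"]:<12} {e["start"]:<10} {",".join(e["flags"]):<44} {e["path"]}')
```

On this log it flags ctredrv.sys and zlzxpwmn.jbv, the two files named above, plus SABKUTIL.sys. A flag is only a prompt to have the file scanned, not a verdict.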
  • The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

    Dear Pim, I have everything switched off and it still does not find it and comes up with the line above.

    I also looked myself but cannot find it in system32 either.

    (It is keeping you busy.)

    Regards, Leen.
  • Last file scanned at least one scanner reported something about: USD_1.34.8_BlackManos_Pack_13.42.rar (MD5: 7d993ca8745b943b56854171aa9a65ec, size: 7778096 bytes), detected by:

    Scanner Malware name
    A-Squared X
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus Dropper.Delf.OU
    BitDefender X
    ClamAV X
    CPsecure X
    Dr.Web Trojan.MulDrop.9120
    F-Prot Antivirus X
    F-Secure Anti-Virus X
    Fortinet X
    Ikarus X
    Kaspersky Anti-Virus X
    NOD32 X
    Norman Virus Control X
    Panda Antivirus X
    Rising Antivirus X
    Sophos Antivirus X
    VirusBuster X
    VBA32 Trojan.MulDrop.9120
  • ComboFix 07-11-19.4 - Windows 2007-11-26 14:26:57.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.215 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Windows\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))
    .

    2007-11-25 17:54 <DIR> d-------- C:\RVAXO
    2007-11-25 17:47 467,087 --a------ C:\WINDOWS\system32\RVAXO.bat
    2007-11-25 17:47 69,632 --a------ C:\WINDOWS\system32\remove.exe
    2007-11-25 14:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-25 14:47 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\SUPERAntiSpyware.com
    2007-11-25 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-25 14:22 <DIR> d-------- C:\Program Files\XoftSpySE
    2007-11-25 14:05 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-25 01:12 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Comodo
    2007-11-25 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2007-11-25 01:08 <DIR> d-------- C:\Program Files\Comodo
    2007-11-23 18:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight
    2007-11-22 20:20 <DIR> d-------- C:\Program Files\SurfRight
    2007-11-22 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-11-22 19:48 <DIR> d-------- C:\Program Files\Wondershare
    2007-11-20 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-18 20:05 <DIR> d-------- C:\Program Files\TKexeKalender
    2007-11-18 20:05 299,008 --a------ C:\WINDOWS\Uninstall_tkexe.exe
    2007-11-16 21:16 <DIR> d-------- C:\Program Files\Pointstone
    2007-11-15 21:02 <DIR> d-------- C:\Program Files\Hyves Kwekker
    2007-11-14 23:52 <DIR> d-------- C:\Program Files\Photomatix
    2007-11-14 20:19 <DIR> d-------- C:\Program Files\QRPhotoDVDSlideshow
    2007-11-14 20:19 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\Vso
    2007-11-14 20:19 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-11-14 20:19 47,360 --a------ C:\Documents and Settings\Windows\Application Data\pcouffin.sys
    2007-11-10 19:44 <DIR> d-------- C:\Program Files\Zards software
    2007-11-03 12:10 <DIR> d-------- C:\WINDOWS\Solar System - Earth 3D
    2007-11-03 12:10 16,542,720 --a------ C:\WINDOWS\Solar System - Earth 3D Screensaver.exe
    2007-11-03 12:10 294,912 --a------ C:\WINDOWS\Solar System - Earth 3D Screensaver.scr
    2007-10-31 20:40 <DIR> d-------- C:\WINDOWS\MetaCreations
    2007-10-31 20:39 <DIR> d-------- C:\Program Files\SuperGOO
    2007-10-31 20:39 302,592 --a------ C:\WINDOWS\unin0407.exe
    2007-10-29 16:36 <DIR> d-------- C:\Program Files\Common Files\Ankiro
    2007-10-29 16:35 <DIR> d-------- C:\Program Files\SPAMfighter
    2007-10-29 16:35 <DIR> d-------- C:\Program Files\Common Files\Application
    2007-10-27 09:04 <DIR> d-------- C:\Program Files\MOJOSOFT
    2007-10-27 09:04 <DIR> d-------- C:\Documents and Settings\Windows\Application Data\mojosoft
    2007-10-26 09:44 <DIR> d-------- C:\Program Files\Give Away Of The Day
    2007-10-26 09:44 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-26 09:44 84,736 --a------ C:\WINDOWS\system32\drivers\StarPortLite.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-26 11:20 --------- d-----w C:\Documents and Settings\Windows\Application Data\AVG7
    2007-11-25 22:52 --------- d-----w C:\Documents and Settings\Windows\Application Data\Skype
    2007-11-25 16:57 --------- d-----w C:\Program Files\Hitman Pro
    2007-11-25 13:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-22 22:45 --------- d-----w C:\Program Files\Spyware Doctor
    2007-11-22 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-22 19:31 --------- d-----w C:\Program Files\SpywareBlaster
    2007-11-19 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-29 22:54 --------- d-----w C:\Program Files\IrfanView
    2007-10-24 18:40 --------- d-----w C:\Program Files\FeedReader30
    2007-10-21 18:05 --------- d-----w C:\Documents and Settings\Windows\Application Data\Uniblue
    2007-10-21 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-21 16:11 --------- d-----w C:\Program Files\Reallusion
    2007-10-21 16:11 --------- d-----w C:\Documents and Settings\Windows\Application Data\InstallShield
    2007-10-18 19:23 --------- d-----w C:\Program Files\2nd Speech Center
    2007-10-15 18:46 27,648 ----a-w C:\WINDOWS\instearth.exe
    2007-10-07 18:12 --------- d-----w C:\Program Files\Astro Gemini Software
    2007-10-03 18:48 --------- d-----w C:\Documents and Settings\Windows\Application Data\Feedreader
    2007-09-29 18:29 --------- d-----w C:\Documents and Settings\Windows\Application Data\Eltima Software
    2007-09-29 18:28 --------- d-----w C:\Program Files\Advanced Registry Doctor
    2007-09-29 18:26 --------- d-----w C:\Program Files\Skype Recorder
    2007-09-29 18:23 --------- d-----w C:\Program Files\Kiyut
    2007-09-29 17:52 --------- d-----w C:\Documents and Settings\Windows\Application Data\.citra
    2007-09-26 11:06 --------- d-----w C:\Program Files\ASTRA32
    2007-09-20 12:43 253,952 ----a-w C:\WINDOWS\system32\Photomatix25Lib2.dll
    2007-09-17 15:02 266,240 ----a-w C:\WINDOWS\system32\Photomatix25Lib.dll
    2007-09-06 04:35 95,525 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:25]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
    "QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2004-12-26 12:10]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:25]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NU.nl Nieuwslezer.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NU.nl Nieuwslezer.lnk
    backup=C:\WINDOWS\pss\NU.nl Nieuwslezer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Windows^Menu Start^Programma's^Opstarten^Webshots.lnk]
    path=C:\Documents and Settings\Windows\Menu Start\Programma's\Opstarten\Webshots.lnk
    backup=C:\WINDOWS\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 01:03 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
    C:\Program Files\FeedReader30\feedreader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
    C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    2001-12-12 01:40 196608 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
    2006-07-13 06:21 57344 --a------ C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\WINDOWS\system32\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 20:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype Recorder]
    C:\Program Files\Skype Recorder\Skype Recorder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
    C:\Program Files\SPAMfighter\SFAgent.exe update delay 60

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-06-16 20:30 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    R0 viaidexp;viaidexp;C:\WINDOWS\system32\drivers\viaidexp.sys
    R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Program Files\ASTRA32\ASTRA32.sys
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
    S1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
    S1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
    S2 ZLZXPWMN;ZLZXPWMN;\??\C:\WINDOWS\system32\zlzxpwmn.jbv
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ac35b5e-92ea-11dc-a59f-000c763b201f}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-25 20:26:00 C:\WINDOWS\Tasks\dfrg.job"
    - C:\WINDOWS\system32\dfrg.msc
    "2007-11-20 18:55:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2007-10-21 17:55:44 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-26 14:29:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-11-26 14:30:41
    C:\ComboFix2.txt … 2007-11-25 22:15
    .
    --- E O F ---
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:36:52, on 26-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Windows\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoservice.dixons.nl/Dixons/UserControls/Part/Upload/ImageUploader4.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 6201 bytes


  • I went ahead and made a system scan already; I hope you can get further with it?
    Regards, Leen.
  • Are you sure you uploaded the right file? 8)
    USD_1.34.8_BlackManos_Pack_13.42.rar

    How are your problems by now?

    Pim
  • [quote]
    How are your problems by now?

    Pim
    [/quote]
    The annoying screen no longer appears. The computer is still a bit slow, and sometimes it does not fully open a site and then tells me I have to close it. I have just finished running SUPERAntiSpyware; there were 19 adware files in it and I removed them,

    including 4 important ones; the rest were cookies:

    Adware.AdRotator/RightOnz
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP1\A0000017.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP5\A0000309.EXE

    Unclassified.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP5\A0000291.DLL

    Adware.AdRotator/AdsSite
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{62C12F5B-0182-43B7-A06E-F88454E6A780}\RP5\A0000310.EXE
  • Those files are in your System Restore; we will deal with that later :)

    Do the following as well:

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick from "Firefox saved passwords" again ;)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Did it help?

    Pim

This is an archived page. Replying is no longer possible.