Vraag & Antwoord

Beveiliging & privacy

trojans,sysdefender etc.

48 antwoorden
  • Opzich ziet't er niet zo verkeerd uit geloof ik.. tenminste.. ik heb erger gezien. de HPZipm12.exe zou je kunnen uitzetten in startup. evenals de jusched.exe. je zou ook eens kunnen kijken op: http://support.f-secure.com/enu/home/ols.shtml Ik ben zeer tevreden met deze scanner. Ik heb een soort van test pc zegmaar, waar ik regelmatig een hele berg troep binnen krijg. deze scanner heeft me nog nooit in de steek gelaten. in tegenstelling van alle geinstalleerde scanners die ik ooit heb gehad.
  • Je maakt een grapje eduard, ik zie zo al op het eerste gezicht een wareout infectie
  • Hallo, [i:a170e166af]Print de onderstaande instructies uit omdat je de computer tijdens het fixen moet herstarten. (kopieer de tekst naar bijv. Word en print dit uit)[/i:a170e166af] Download [color=blue:a170e166af][b:a170e166af]FixWareOut[/b:a170e166af][/color:a170e166af] van één van de volgende links: [list:a170e166af][*:a170e166af][url=http://downloads.subratam.org/Fixwareout.exe][b:a170e166af]http://downloads.subratam.org/Fixwareout.exe[/b:a170e166af][/url] [*:a170e166af][url=http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe][b:a170e166af]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/b:a170e166af][/url][/list:u:a170e166af] Sla het op je bureaublad op en dubbelklik op [b:a170e166af]Fixwareout.exe[/b:a170e166af]. Klik op "Next", daarna op "Install". Zorg dat "Run Fixit" aangevinkt is en klik dan op "Finish". Volg de aanwijzingen op het scherm. Als je gevraagd wordt om de computer opnieuw te starten doe je dit. Het zal wat langer duren voor de computer opnieuw volledig opgestart is. [i:a170e166af]dit is normaal[/i:a170e166af]. Zodra je Bureaublad geladen is, zal een tekstbestand openen (report.txt). [i:a170e166af]Let op! Als je antivirus een scriptblokker heeft krijg je een waarschuwing zoals "malicious script warning" wanneer je dit tooltje gaat draaien. Je kunt deze waarschuwing negeren.[/i:a170e166af] Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:a170e166af] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - lboot32.dll (file missing) [/b:a170e166af] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen. [b:a170e166af]Als je problemen hebt met de internet verbinding, voer dan het volgende uit[/b:a170e166af]: Ga naar het Configuratiescherm en klik op "Netwerkverbindingen". Rechtsklik op je standaard verbinding en kies "Eigenschappen". Klik op het tabblad "Algemeen" en dubbelklik op "Internet-Protocol (TCP/IP)". Selecteer "Automatisch een DNS-serveradres laten toewijzen". Ga naar het Configuratiescherm en klik op [i:a170e166af]"Netwerkverbindingen"[/i:a170e166af]. Rechtsklik op je standaard verbinding en kies [i:a170e166af]"Eigenschappen"[/i:a170e166af]. Klik op het tabblad [i:a170e166af]"Algemeen"[/i:a170e166af] en dubbelklik op [i:a170e166af]"Internet-Protocol (TCP/IP)"[/i:a170e166af]. Selecteer [i:a170e166af]"Automatisch een DNS-serveradres laten toewijzen".[/i:a170e166af] Ga naar Start -> Uitvoeren en tik in [i:a170e166af]"cmd" [/i:a170e166af] Druk op enter. Daarna tik je in: [b:a170e166af]ipconfig /flushdns[/b:a170e166af] Druk op enter. Sluit het venster. Herstart je computer nogmaals. Plaats de inhoud van het log dat je hier kan vinden: C:\fixwareout\report.txt, post ook een nieuw HijackThis log.
  • Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 10:25, on 2008-02-12 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS.2\System32\smss.exe C:\WINDOWS.2\system32\winlogon.exe C:\WINDOWS.2\system32\services.exe C:\WINDOWS.2\system32\lsass.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\System32\svchost.exe C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS.2\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CS Engineering\Scheduler\schedulerd.exe C:\WINDOWS.2\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS.2\system32\HPZipm12.exe C:\WINDOWS.2\System32\snmp.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\system32\mqsvc.exe C:\WINDOWS.2\system32\mqtgsvc.exe C:\WINDOWS.2\system32\WgaTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\CS Engineering\Dtgw\dtgw.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS.2\system32\taskmgr.exe C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\beveiliging\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service') O4 - Startup: kfn.exe O4 - Startup: Dynomic ASP Dienst.url O4 - Startup: Users O4 - Startup: FreeMem.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - Software - (no file) O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O15 - Trusted Zone: www.euroface.nl O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll O21 - SSODL: zip - {fe8b6a42-c5fb-4510-9b91-2f0111c2d77c} - C:\WINDOWS.2\Installer\{fe8b6a42-c5fb-4510-9b91-2f0111c2d77c}\zip.dll O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll -- End of file - 9074 bytes Username "Henk Grim" - 2008-02-12 10:10:51 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.115.59 85.255.112.121" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{24B934A3-E9DA-4B4F-8527-2898E7CDB456} "nameserver"="85.255.115.59,85.255.112.121" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F017ADC3-E4B8-431E-972E-40B28A4BC86A} "nameserver"="85.255.115.59,85.255.112.121" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{24B934A3-E9DA-4B4F-8527-2898E7CDB456} "DhcpNameServer"="85.255.115.59,85.255.112.121" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B0F9A678-029D-4E27-9AC3-FD2A6A4AC106} "DhcpNameServer"="85.255.115.59,85.255.112.121" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F017ADC3-E4B8-431E-972E-40B28A4BC86A} "DhcpNameServer"="85.255.115.59,85.255.112.121" <Value cleared. De DNS-omzettingscache is leeggemaakt. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" "Spamihilator"="\"C:\\Program Files\\Spamihilator\\spamihilator.exe\"" "CS Engineering Desktop Gateway (HDN)"="C:\\Program Files\\CS Engineering\\Dtgw\\dtgw.exe" "McAfee Managed Services Tray"="\"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myagttry.exe\"" "MVS Splash"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\Splash.exe" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\AutorunsDisabled] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "Spamihilator"="\"C:\\Program Files\\Spamihilator\\spamihilator.exe\"" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe" "RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\"" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~
  • en nog even bij vermelden. hij zegt ook steeds naar opstarten computer als alles geladen is , dat hij een bestand niet kan vinden, iets met s3.cookingluck.com
  • Dat ziet er al beter uit, zit u toevallig op een bedrijfs netwerk ?
  • nee, kunnen trouwens de vermeldingen in hijachthislog onder 021 geen kwaad.
  • Kwaad is een groot woord. Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:2f99f3caea] O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll O21 - SSODL: zip - {fe8b6a42-c5fb-4510-9b91-2f0111c2d77c} - C:\WINDOWS.2\Installer\{fe8b6a42-c5fb-4510-9b91-2f0111c2d77c}\zip.dll O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll [/b:2f99f3caea] Klik op 'Fix checked' om de items te verwijderen. vertel even hoe het nu gaat aub.
  • kan die bestanden niet fixen en kreeg ook een rare melding. heb ik een nieuwe hijach gedownload en bij deze de log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:48, on 2008-02-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS.2\System32\smss.exe C:\WINDOWS.2\system32\winlogon.exe C:\WINDOWS.2\system32\services.exe C:\WINDOWS.2\system32\lsass.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\System32\svchost.exe C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS.2\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CS Engineering\Scheduler\schedulerd.exe C:\WINDOWS.2\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS.2\system32\HPZipm12.exe C:\Program Files\CS Engineering\Dtgw\dtgw.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe C:\WINDOWS.2\System32\snmp.exe C:\WINDOWS.2\system32\svchost.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\system32\mqsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe C:\WINDOWS.2\system32\mqtgsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS.2\system32\WgaTray.exe C:\WINDOWS.2\System32\svchost.exe C:\WINDOWS.2\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service') O4 - Startup: kfn.exe O4 - Startup: Dynomic ASP Dienst.url O4 - Startup: Users O4 - Startup: FreeMem.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - Software - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O15 - Trusted Zone: www.euroface.nl O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll O21 - SSODL: zip - {15f9f5ea-b65e-4665-b918-52e45a44d55f} - C:\WINDOWS.2\Installer\{15f9f5ea-b65e-4665-b918-52e45a44d55f}\zip.dll O21 - SSODL: SysRom - {4c0ccfbf-5ebc-4ec6-890c-383eacf43e45} - C:\WINDOWS.2\Installer\{4c0ccfbf-5ebc-4ec6-890c-383eacf43e45}\SysRom.dll O21 - SSODL: DriveKernel - {bf1d6ad9-0a6d-498a-a033-9e83a190f4f3} - C:\WINDOWS.2\Installer\{bf1d6ad9-0a6d-498a-a033-9e83a190f4f3}\DriveKernel.dll O21 - SSODL: UnknownSys - {46fff31d-d617-46a0-be50-69d2c63154f3} - C:\WINDOWS.2\Installer\{46fff31d-d617-46a0-be50-69d2c63154f3}\UnknownSys.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Beveiligingsservice tegen virussen en spyware (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe O23 - Service: Universele Plug en Play-apparaathost upnphostlanmanserver (upnphostlanmanserver) - Unknown owner - C:\WINDOWS.2\system32\vgan.exe -- End of file - 11331 bytes
  • 1) Open een kladblokbestand. 2) Kopieer onderstaande code in dit kladblokbestand. 3) Ga naar Bestand - Opslaan als. -Bij "Opslaan in" kies je: Bureaublad -Bij "Bestandsnaam" zet je: fix.reg -Bij "Opslaan als type" selecteer je: Alle bestanden (*.*). -Klik op de knop Opslaan. [code:1:f8d51e710b] REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PrxCheck"=- "AlrtRunOnce"=- "ChkVolume"=- "ChkBoot"=- "MonKbd"=- "zip"=- "CheckAvp"=- [/code:1:f8d51e710b] 4) Sla dit op als [b:f8d51e710b]fix.reg[/b:f8d51e710b] kies voor opslaan als *alle bestanden en plaats het op je bureaublad. Zo moet die regfix er nadien uitzien: [img:f8d51e710b]http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif[/img:f8d51e710b] Dubbelklik erop. Bij de vraag of je het wilt toevoegen aan het register, klik je op ja/ok. plaats even een nieuw HJT logje aub
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:39, on 2008-02-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS.2\System32\smss.exe C:\WINDOWS.2\system32\winlogon.exe C:\WINDOWS.2\system32\services.exe C:\WINDOWS.2\system32\lsass.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\System32\svchost.exe C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS.2\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CS Engineering\Scheduler\schedulerd.exe C:\WINDOWS.2\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS.2\system32\HPZipm12.exe C:\Program Files\CS Engineering\Dtgw\dtgw.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe C:\WINDOWS.2\System32\snmp.exe C:\WINDOWS.2\system32\svchost.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\system32\mqsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe C:\WINDOWS.2\system32\mqtgsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS.2\system32\WgaTray.exe C:\WINDOWS.2\System32\svchost.exe C:\WINDOWS.2\explorer.exe C:\Program Files\Efdece\NWP\Client\nwp.exe C:\PROGRA~1\Efdece\NWP\Server\EFDECE~1.EXE C:\WINDOWS.2\system32\taskmgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqDIREC.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Cisco Systems\SSL VPN Client\GUI.exe C:\WINDOWS.2\system32\mstsc.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service') O4 - Startup: kfn.exe O4 - Startup: Dynomic ASP Dienst.url O4 - Startup: Users O4 - Startup: FreeMem.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - Software - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O15 - Trusted Zone: www.euroface.nl O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL O21 - SSODL: SysRom - {4c0ccfbf-5ebc-4ec6-890c-383eacf43e45} - C:\WINDOWS.2\Installer\{4c0ccfbf-5ebc-4ec6-890c-383eacf43e45}\SysRom.dll O21 - SSODL: DriveKernel - {bf1d6ad9-0a6d-498a-a033-9e83a190f4f3} - C:\WINDOWS.2\Installer\{bf1d6ad9-0a6d-498a-a033-9e83a190f4f3}\DriveKernel.dll O21 - SSODL: UnknownSys - {46fff31d-d617-46a0-be50-69d2c63154f3} - C:\WINDOWS.2\Installer\{46fff31d-d617-46a0-be50-69d2c63154f3}\UnknownSys.dll O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll O21 - SSODL: zip - {15f9f5ea-b65e-4665-b918-52e45a44d55f} - C:\WINDOWS.2\Installer\{15f9f5ea-b65e-4665-b918-52e45a44d55f}\zip.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Beveiligingsservice tegen virussen en spyware (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe O23 - Service: Universele Plug en Play-apparaathost upnphostlanmanserver (upnphostlanmanserver) - Unknown owner - C:\WINDOWS.2\system32\vgan.exe -- End of file - 11914 bytes
  • Ok anders. Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:b6f1bc465c]Combofix[/b:b6f1bc465c][/url] naar je Bureaublad. Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate. OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:b6f1bc465c]download Combofix opnieuw[/b:b6f1bc465c]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![list:b6f1bc465c] Dubbelklik op [b:b6f1bc465c]Combofix.exe[/b:b6f1bc465c] Volg de instructies, aanvaard de disclaimer door [b:b6f1bc465c]1[/b:b6f1bc465c] (continue) te typen, gevolgd door [b:b6f1bc465c]ENTER[/b:b6f1bc465c]. Tijdens het runnen van de fix, [b:b6f1bc465c]NIET[/b:b6f1bc465c] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:b6f1bc465c] Wanneer de fix voltooid is en na herstart, zal de log [b:b6f1bc465c]combofix.txt[/b:b6f1bc465c] openen. [i:b6f1bc465c]Plaats dit log in je volgende post samen met een nieuw HijackThis log.[/i:b6f1bc465c]
  • ComboFix 08-02-13.1 - Henk Grim 2008-02-12 22:10:57.18 - [color=red:2cbcd721d3][b:2cbcd721d3]FAT32[/b:2cbcd721d3][/color:2cbcd721d3]x86 Gestart vanuit: C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt [color=red:2cbcd721d3][b:2cbcd721d3]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b:2cbcd721d3][/color:2cbcd721d3] . (((((((((((((((((((( Bestanden Gemaakt van 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))) . 2008-02-12 16:42 . 2008-02-12 16:42 9,728 --a------ C:\Program Files\tmp12041281.exe 2008-02-12 16:42 . 2008-02-12 16:42 9,728 --a------ C:\Program Files\tmp12040625.exe 2008-02-12 16:42 . 2008-02-12 16:42 9,728 --a------ C:\Program Files\tmp12040187.exe 2008-02-12 16:42 . 2008-02-12 16:43 9,728 --a------ C:\Program Files\tmp12039968.exe 2008-02-12 16:42 . 2008-02-12 16:42 9,728 --a------ C:\Program Files\tmp12038687.exe 2008-02-12 16:42 . 2008-02-12 16:42 9,728 --a------ C:\Program Files\tmp12038546.exe 2008-02-12 13:40 . 2008-02-12 13:40 8,704 --a------ C:\WINDOWS.2\system32\LogCrypt.dll 2008-02-12 13:36 . 2008-02-12 13:36 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-12 13:11 . 2008-02-12 13:11 12,288 --a------ C:\Program Files\tmp9757562.exe 2008-02-12 13:11 . 2008-02-12 13:11 10,240 --a------ C:\Program Files\tmp9751953.exe 2008-02-12 13:07 . 2008-02-12 13:07 <DIR> dr-h----- C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Onlangs geopend 2008-02-12 13:06 . 2007-05-02 04:01 49,265 --a------ C:\WINDOWS.2\system32\jpicpl32.cpl 2008-02-12 01:50 . 2008-02-12 01:50 10,240 --a------ C:\Program Files\tmp4982093.exe 2008-02-12 01:50 . 2008-02-12 01:50 10,240 --a------ C:\Program Files\tmp4982062.exe 2008-02-11 12:41 . 2008-02-11 12:41 <DIR> d--hs---- C:\FOUND.002 2008-02-11 11:56 . 2008-02-11 11:56 46,080 --a------ C:\Program Files\tmp163296.exe 2008-02-11 11:56 . 2008-02-11 11:56 46,080 --a------ C:\Program Files\tmp160515.exe 2008-02-11 11:56 . 2008-02-11 11:56 12,288 --a------ C:\Program Files\tmp156921.exe 2008-02-10 11:26 . 2008-02-10 11:26 12,288 --a------ C:\Program Files\tmp52032906.exe 2008-02-10 11:26 . 2008-02-10 11:26 12,288 --a------ C:\Program Files\tmp52031703.exe 2008-02-10 11:25 . 2008-02-10 11:26 10,240 --a------ C:\Program Files\tmp52031562.exe 2008-02-10 11:25 . 2008-02-10 11:26 10,240 --a------ C:\Program Files\tmp52031468.exe 2008-02-10 11:25 . 2008-02-10 11:25 10,240 --a------ C:\Program Files\tmp52031375.exe 2008-02-10 11:25 . 2008-02-10 11:25 10,240 --a------ C:\Program Files\tmp52031359.exe 2008-02-10 11:25 . 2008-02-10 11:25 10,240 --a------ C:\Program Files\tmp52030984.exe 2008-02-10 11:25 . 2008-02-10 11:25 10,240 --a------ C:\Program Files\tmp52030234.exe 2008-02-10 11:25 . 2008-02-10 11:25 10,240 --a------ C:\Program Files\tmp52029890.exe 2008-02-09 21:55 . 2008-02-09 21:55 <DIR> d-------- C:\RVAXO 2008-02-09 20:53 . 2008-02-08 17:18 675,663 --a------ C:\WINDOWS.2\system32\RVAXO.bat 2008-02-09 20:53 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS.2\system32\remove.exe 2008-02-09 18:04 . 2008-02-09 18:04 <DIR> d-------- C:\VundoFix Backups 2008-02-09 11:07 . 2008-02-09 11:07 <DIR> d-------- C:\Program Files\SysCleaner 2008-02-09 10:56 . 2008-02-09 10:56 46,080 --a------ C:\Program Files\tmp360703.exe 2008-02-09 10:56 . 2008-02-09 10:56 12,288 --a------ C:\Program Files\tmp359703.exe 2008-02-09 10:56 . 2008-02-09 10:56 10,240 --a------ C:\Program Files\tmp359546.exe 2008-02-09 10:56 . 2008-02-09 10:56 10,240 --a------ C:\Program Files\tmp359515.exe 2008-02-09 10:56 . 2008-02-09 10:56 10,240 --a------ C:\Program Files\tmp359375.exe 2008-02-09 10:56 . 2008-02-09 10:56 10,240 --a------ C:\Program Files\tmp359312.exe 2008-02-09 10:56 . 2008-02-09 10:56 10,240 --a------ C:\Program Files\tmp359187.exe 2008-02-09 10:56 . 2008-02-09 10:56 10,240 --a------ C:\Program Files\tmp359171.exe 2008-02-08 13:20 . 2008-02-08 13:20 10,240 --a------ C:\Program Files\tmp2670953.exe 2008-02-08 11:52 . 2008-02-08 11:52 17,920 --ahs---- C:\WINDOWS.2\system32\imapiz.dll 2008-02-08 11:39 . 2008-02-08 11:39 10,240 --a------ C:\Program Files\tmp152671.exe 2008-02-08 10:36 . 2008-02-08 10:36 <DIR> d--hs---- C:\FOUND.001 2008-02-08 10:21 . 2008-02-12 18:54 309 --a-s---- C:\WINDOWS.2\system32\413092562.dat 2008-02-08 10:21 . 2008-02-08 10:21 1 --a------ C:\WINDOWS.2\system32\rc.dat 2008-02-08 10:21 . 2008-02-08 10:21 1 --a------ C:\WINDOWS.2\system32\ps1.dat 2008-02-08 10:20 . 2008-02-08 10:20 53,760 --a------ C:\WINDOWS.2\system32\lboot32.dll 2008-02-08 10:20 . 2008-02-08 10:20 38,400 -r-hs---- C:\WINDOWS.2\system32\vgan.exe 2008-02-08 10:16 . 2008-02-08 10:39 69,632 --a------ C:\WINDOWS.2\system32\csrssw.dll 2008-02-08 10:15 . 2008-02-08 10:15 <DIR> d--hs---- C:\FOUND.000 2008-02-08 10:01 . 2008-02-08 10:01 53,760 --a------ C:\WINDOWS.2\system32\wsots32.dll 2008-02-08 10:01 . 2008-02-08 10:00 38,400 -r-hs---- C:\WINDOWS.2\system32\ctypey.exe 2008-02-08 10:01 . 2008-02-08 10:01 34,432 --a------ C:\WINDOWS.2\system32\drivers\ntio922.sys 2008-02-08 10:01 . 2008-02-08 10:02 29 --a------ C:\WINDOWS.2\system32\gwartsqp.tmp 2008-02-08 10:01 . 2008-02-08 10:01 0 --a------ C:\5E.tmp 2008-02-08 10:01 . 2008-02-08 10:01 0 --a------ C:\5D.tmp 2008-02-08 09:59 . 2008-02-08 09:59 78,848 --a------ C:\WINDOWS.2\taskmon.exe 2008-02-08 09:59 . 2008-02-08 09:58 13,682 --a------ C:\WINDOWS.2\system32\n2ewma1xxsv234.exe 2008-02-08 09:58 . 2008-02-08 09:58 17,872 --a------ C:\WINDOWS.2\system32\wind32.exe 2008-02-08 09:58 . 2008-02-08 09:58 17,872 --a------ C:\syslmbr.exe 2008-02-07 23:11 . 2008-02-07 23:11 594 --a------ C:\MFW22.xml 2008-02-07 20:43 . 2008-02-07 20:42 28,224 --a------ C:\WINDOWS.2\system32\QnOUEej4.exe 2008-02-07 20:43 . 2008-02-07 20:43 166 --a------ C:\key.shm 2008-02-06 19:34 . 2008-02-06 19:34 36,864 --a------ C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\winrlid.exe 2008-02-06 19:34 . 2008-02-06 19:34 28,672 --a------ C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\winswvg.exe 2008-02-06 19:34 . 2004-08-03 23:03 24,576 --a------ C:\WINDOWS.2\system32\userini.exe 2008-02-02 21:46 . 2008-02-02 21:46 635,337 --a------ C:\WINDOWS.2\system32\unins000.exe 2008-02-02 21:46 . 1998-06-24 00:00 200,496 --a-s---- C:\WINDOWS.2\system32\DBLIST32.OCX 2008-02-02 21:46 . 2002-10-04 13:39 198,848 --a-s---- C:\WINDOWS.2\system32\MCI32.OCX 2008-02-02 21:46 . 1998-06-24 00:00 164,144 --a-s---- C:\WINDOWS.2\system32\COMCT232.OCX 2008-02-02 21:46 . 1998-06-24 00:00 103,744 --a-s---- C:\WINDOWS.2\system32\MSCOMM32.OCX 2008-02-02 21:46 . 2000-05-22 16:58 83,144 --a-s---- C:\WINDOWS.2\system32\PICCLP32.OCX 2008-02-02 21:46 . 1998-06-24 01:00 67,376 --a-s---- C:\WINDOWS.2\system32\SYSINFO.OCX 2008-02-02 21:46 . 2008-02-02 21:46 2,241 --a------ C:\WINDOWS.2\system32\unins000.dat 2008-02-02 16:03 . 2008-02-01 09:50 245,760 --a------ C:\WINDOWS.2\system32\JkDefragScreenSaver.exe 2008-02-02 16:03 . 2008-02-01 09:50 110,592 --a------ C:\WINDOWS.2\system32\JkDefragScreenSaver.scr 2008-02-01 21:10 . 2008-02-01 21:10 594 --a------ C:\MFW21.xml 2008-01-30 17:18 . 2008-01-30 17:18 594 --a------ C:\MFW20.xml 2008-01-30 11:43 . 25,984 C:\WINDOWS.2\system32\drivers\Jnq72.sys 2008-01-30 11:43 . 2008-01-30 11:43 0 --a------ C:\B1.tmp 2008-01-30 11:43 . 2008-01-30 11:43 0 --a------ C:\B0.tmp 2008-01-30 11:43 . 2008-01-30 11:43 0 --a------ C:\AF.tmp 2008-01-30 11:43 . 2008-01-30 11:43 0 --a------ C:\AE.tmp 2008-01-30 11:43 . 2008-01-30 11:43 0 --a------ C:\AD.tmp 2008-01-30 11:43 . 2008-01-30 11:43 0 --a------ C:\AC.tmp 2008-01-17 13:45 . 2008-01-17 13:45 <DIR> d-------- C:\Program Files\Foxit Software 2008-01-16 14:49 . 2008-01-16 14:49 <DIR> d-------- C:\Program Files\REAAL 2008-01-16 14:49 . 2004-03-09 16:45 275,216 --a-s---- C:\WINDOWS.2\system32\MSDATGRD.OCX 2008-01-16 14:49 . 2000-05-22 17:58 118,976 --a------ C:\WINDOWS.2\system32\msadodc.ocx 2008-01-16 14:49 . 2002-10-31 14:31 50,080 --a------ C:\WINDOWS.2\system32\c1regsvr.exe 2008-01-16 14:49 . 1998-10-19 13:34 37,062 --a------ C:\WINDOWS.2\system32\odbcinst.hlp 2008-01-16 14:49 . 2001-07-30 18:40 24,576 --a------ C:\WINDOWS.2\system32\msxml3a.dll 2008-01-16 14:49 . 1998-10-19 13:34 324 --a------ C:\WINDOWS.2\system32\odbcinst.cnt 2008-01-16 14:47 . 2008-01-16 14:47 <DIR> d-------- C:\temp\3.50 - 20070926 CDROM September . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 20:58 12,632 ----a-w C:\WINDOWS.2\system32\lsdelete.exe 2008-02-08 09:01 70,144 ----a-w C:\nethlpr.exe 2008-02-08 09:01 10,880 ----a-w C:\WINDOWS.2\system32\drivers\ndisaluo.sys 2008-02-08 09:00 25,600 ----a-w C:\WINDOWS.2\system32\fci.exe 2008-01-10 20:50 --------- d-----w C:\Program Files\HDGraph 2008-01-09 19:21 --------- d-----w C:\Program Files\IObit 2008-01-09 19:20 19,728 ----a-w C:\WINDOWS.2\system32\pgdfgsvc.exe 2008-01-08 11:21 --------- d-----w C:\Program Files\Common Files\McAfee 2008-01-08 11:16 --------- d-----w C:\Program Files\McAfee 2008-01-07 19:08 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\SiteAdvisor 2007-12-21 17:46 --------- d-----w C:\Program Files\Enigma Software Group 2007-12-14 12:15 --------- d-----w C:\Program Files\7+ Offerte 2007-12-13 11:44 --------- d-----w C:\Program Files\Winbank 2007-12-05 14:27 4,540 ----a-w C:\Program Files\INSTALL.LOG 2007-11-14 07:29 450,560 ----a-w C:\WINDOWS.2\system32\dllcache\jscript.dll 2007-01-25 08:18 528 ----a-w C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\SetPaths.bat 2007-01-25 08:18 2,416 ----a-w C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\GetPaths.vbs 2005-07-04 23:33 28,368 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT 2005-01-24 09:42 1,601,536 ----a-w C:\Documents and Settings\Administrator\Application Data\SecureTraveler.exe 2004-08-26 18:36 141 ----a-w C:\Program Files\pcdocrx_order.html 2004-08-03 23:03 102,400 ----a-w C:\Program Files\Common Files\msjro.dll 2004-07-18 09:32 98,304 ----a-w C:\Program Files\Common Files\interop.adodb.dll 2004-07-18 09:32 9,216 ----a-w C:\Program Files\Common Files\Interop.JRO.dll 2003-04-09 09:09 560 ------w C:\Program Files\Global.sw 2002-11-08 14:59 0 ------w C:\Program Files\Common Files\as.ini 2001-11-23 11:08 712,704 ----a-w C:\WINDOWS.2\inf\OTHER\AUDIO3D.DLL 2001-11-20 15:58 493,568 ------w C:\Program Files\kod.exe 2001-10-19 23:59 6,630 ----a-w C:\Program Files\UNWISE.INI 2001-09-28 16:00 164,864 ----a-w C:\Program Files\UNWISE.EXE 2001-09-07 12:00 487,424 ----a-w C:\Program Files\Common Files\msado15.dll 2001-03-11 09:59 766 ----a-w C:\Program Files\pcdoc.ico 1999-09-23 10:36 266 --sh--w C:\Program Files\desktop.ini 1999-09-23 10:36 11,209 ---h--w C:\Program Files\folder.htt 2006-10-09 09:56 5 --sha-w C:\WINDOWS.2\system32\ebfcbdda8_s.dll . [code:1:2cbcd721d3]<pre> ------w 30,208 2000-02-11 16:56:52 C:\WINDOWS\Favorieten\Koppelingen\W\Toggle .exe ----a-w 30,208 2000-02-11 16:56:52 C:\Documents And Settings\Henk Grim\Favorieten\Koppelingen\W\Toggle .exe ----a-w 30,208 2000-02-11 16:56:52 C:\Documents And Settings\Administrator\Favorieten\Koppelingen\W\Toggle .exe ----a-w 30,208 2000-02-11 16:56:52 C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Favorieten\Koppelingen\W\Toggle .exe </pre>[/code:1:2cbcd721d3] ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-08-17 16:24 716800] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 14:39 68856] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-03 11:38 160592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840] "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-08-17 16:24 716800] "CS Engineering Desktop Gateway (HDN)"="C:\Program Files\CS Engineering\Dtgw\dtgw.exe" [2006-10-04 09:58 45056] "McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-06-11 13:34 190016] "MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-13 21:55 468544] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\ kfn.exe [2005-04-18 08:48:52 1723520] Dynomic ASP Dienst.url [2006-06-26 13:16:16 213] FreeMem.exe [2001-03-23 19:25:02 61440] C:\Documents And Settings\All Users.WINDOWS.2\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 0 (0x0) "HideShutdownScripts"= 0 (0x0) "RunLogonScriptSync"= 0 (0x0) "RunStartupScriptSync"= 0 (0x0) "HideStartupScripts"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) "NoWelcomeScreen"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoMovingBands"= 0 (0x0) "NoCloseDragDropBands"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoChangeKeyboardNavigationIndicators"= 0 (0x0) "NoChangeAnimation"= 0 (0x0) "NoAddPrinter"= 0 (0x0) "NoDeletePrinter"= 0 (0x0) "RestrictCpl"= 0 (0x0) "DisallowCpl"= 0 (0x0) "NoViewOnDrive"= 0 (0x0) "RestrictRun"= 0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "SysRom"= {4c0ccfbf-5ebc-4ec6-890c-383eacf43e45} - C:\WINDOWS.2\Installer\{4c0ccfbf-5ebc-4ec6-890c-383eacf43e45}\SysRom.dll [2008-02-08 11:39 14374] "DriveKernel"= {bf1d6ad9-0a6d-498a-a033-9e83a190f4f3} - C:\WINDOWS.2\Installer\{bf1d6ad9-0a6d-498a-a033-9e83a190f4f3}\DriveKernel.dll [2008-02-12 13:11 13862] "UnknownSys"= {46fff31d-d617-46a0-be50-69d2c63154f3} - C:\WINDOWS.2\Installer\{46fff31d-d617-46a0-be50-69d2c63154f3}\UnknownSys.dll [2008-02-08 11:39 14374] "PrxCheck"= {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll [2008-02-08 11:39 14374] "MonKbd"= {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll [2008-02-11 11:56 14374] "ChkBoot"= {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll [2008-02-08 10:00 12838] "CheckAvp"= {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll [2008-02-11 11:56 14374] "ChkVolume"= {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll [2008-02-11 11:56 14374] "AlrtRunOnce"= {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll [2008-02-08 13:20 14374] "zip"= {15f9f5ea-b65e-4665-b918-52e45a44d55f} - C:\WINDOWS.2\Installer\{15f9f5ea-b65e-4665-b918-52e45a44d55f}\zip.dll [2008-02-12 13:11 38438] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, wowfx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=C:\WINDOWS.2\pss\Adobe Reader Snelle start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^autorun.exe] path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Start\Programma's\Opstarten\autorun.exe backup=C:\WINDOWS.2\pss\autorun.exeCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^eFax 4.2.lnk] path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Start\Programma's\Opstarten\eFax 4.2.lnk backup=C:\WINDOWS.2\pss\eFax 4.2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^Fast Note.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^KPN TaskBar Icon.LNK] path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Start\Programma's\Opstarten\KPN TaskBar Icon.LNK backup=C:\WINDOWS.2\pss\KPN TaskBar Icon.LNKCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^Microsoft Office.lnk] path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Start\Programma's\Opstarten\Microsoft Office.lnk backup=C:\WINDOWS.2\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^SideSlide.lnk] path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Start\Programma's\Opstarten\SideSlide.lnk backup=C:\WINDOWS.2\pss\SideSlide.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk] path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk backup=C:\WINDOWS.2\pss\Windows Desktop Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^EfdeceServer.lnk] path=C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\EfdeceServer.lnk backup=C:\WINDOWS.2\pss\EfdeceServer.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^ExceptionsLog.txt] path=C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\ExceptionsLog.txt backup=C:\WINDOWS.2\pss\ExceptionsLog.txtStartup [HKLM\~\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^findfast.exe] path=C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\findfast.exe backup=C:\WINDOWS.2\pss\findfast.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^Google Desktop.lnk] path=C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\Google Desktop.lnk backup=C:\WINDOWS.2\pss\Google Desktop.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^kfn.exe] path=C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe backup=C:\WINDOWS.2\pss\kfn.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^PaperMaster Live Menu 7.0.lnk] path=C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\PaperMaster Live Menu 7.0.lnk backup=C:\WINDOWS.2\pss\PaperMaster Live Menu 7.0.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^PaperMaster Tray Menu 7.0.lnk] path=C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\PaperMaster Tray Menu 7.0.lnk backup=C:\WINDOWS.2\pss\PaperMaster Tray Menu 7.0.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Henk Grim.HENK-6H0YJSNWIW^Menu Start^Programma's^Opstarten^SpamExperts.lnk] path=C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\SpamExperts.lnk backup=C:\WINDOWS.2\pss\SpamExperts.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] --a------ 2007-06-28 18:11 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] --a------ 2004-08-03 23:03 110592 C:\WINDOWS.2\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] --a------ 2002-10-15 18:00 1818624 C:\WINDOWS.2\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CANON DR2580C SVC] -ra------ 2007-09-14 13:08 106496 C:\WINDOWS.2\system32\DR25SVC.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-03 23:03 15360 C:\WINDOWS.2\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.2] --a------ 2006-07-14 21:36 107008 C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup] C:\DOCUME~1\HENKGR~1.HEN\LOCALS~1\Temp\winlogon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2007-10-24 12:36 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1] --a------ 2001-09-07 15:00 44032 C:\WINDOWS.2\ime\imkr6_1\IMEKRMIG.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] --a------ 2004-08-03 22:32 208952 C:\WINDOWS.2\IME\imjp8_1\IMJPMIG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InterMute] C:\WINDOWS.2\twain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS.2\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN SMS mail] --a------ 2005-06-28 14:23 1019904 C:\Program Files\KPN SMS mail\eSMS Executive Windows.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mdac_runonce] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\noskrnl] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer] C:\WINDOWS.2\system32\printer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quicknote] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm] --a------ 2008-02-03 11:38 160592 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] C:\WINDOWS.2\mrofinu27.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runtime.exe] C:\WINDOWS.2\system32\runtime.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix] C:\SDFix\RunThis.bat /second [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SerExt] --------- 2004-07-07 09:52 61440 C:\WINDOWS.2\system32\SerExt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1] C:\DOCUME~1\HENKGR~1.HEN\LOCALS~1\Temp\qgbbzjzt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag] --a------ 2007-07-27 21:39 3647656 C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv] C:\WINDOWS.2\system32\spoolvs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-05-02 04:15 75520 C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System] --a------ 2008-02-08 09:58 17872 C:\WINDOWS.2\system32\wind32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemSv12] C:\WINDOWS.2\system32\newmaxxsv234.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemSv121] --a------ 2008-02-08 09:58 13682 C:\WINDOWS.2\system32\n2ewma1xxsv234.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmon] --a------ 2008-02-08 09:59 78848 C:\WINDOWS.2\taskmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcmonitor] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader] C:\Windows\xpupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMDM PMSP Service] C:\WINDOWS.2\system32\cssrss.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wosa] R0 Jnq72;Jnq72;C:\WINDOWS.2\system32\Drivers\Jnq72.sys [] R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Spyware Terminator\sp_rsdrv2.sys [2006-10-06 16:58] R2 CSE Scheduler;CSE Scheduler Daemon;"C:\Program Files\CS Engineering\Scheduler\schedulerd.exe" [2007-02-22 18:00] R3 AVMWAN;AVM NDIS WAN CAPI-stuurprogramma;C:\WINDOWS.2\system32\DRIVERS\avmwan.sys [2001-08-17 20:13] R3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS.2\system32\DRIVERS\CSVirtA.sys [2006-10-16 16:59] R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI v2.0;C:\WINDOWS.2\system32\DRIVERS\fpcibase.sys [2001-08-17 20:14] S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [] S2 myAgtSvc;McAfee Beveiligingsservice tegen virussen en spyware;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [] S2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS.2\system32\inetsrv\inetinfo.exe [2004-08-04 00:03] S2 upnphostlanmanserver;Universele Plug en Play-apparaathost upnphostlanmanserver;C:\WINDOWS.2\system32\vgan.exe srv [] S3 DectEnum;DectEnum;C:\WINDOWS.2\system32\Drivers\DectEnum.sys [2004-07-07 09:48] S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\HENKGR~1.HEN\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [] S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Spyware Terminator\FileObjInfo.sys [2006-10-06 16:58] S3 Gigusb;Dect USB Driver;C:\WINDOWS.2\system32\Drivers\Gigusb.sys [2004-07-07 09:58] S3 IUAPIWDM;ISDN USB Interface (Ver. 1.20.0029);C:\WINDOWS.2\system32\DRIVERS\IUAPIWDM.sys [2003-08-19 17:46] S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS.2\system32\3D.tmp [] S3 siellif;siellif;C:\WINDOWS.2\system32\Drivers\siellif.sys [2004-07-07 09:46] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-13 22:16:42 Windows 5.1.2600 Service Pack 2 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-02-13 22:18:10 ComboFix-quarantined-files.txt 2008-02-13 21:17:44 . 2008-02-11 11:03:19 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:25, on 2008-02-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS.2\System32\smss.exe C:\WINDOWS.2\system32\winlogon.exe C:\WINDOWS.2\system32\services.exe C:\WINDOWS.2\system32\lsass.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\System32\svchost.exe C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS.2\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CS Engineering\Scheduler\schedulerd.exe C:\WINDOWS.2\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS.2\system32\HPZipm12.exe C:\Program Files\CS Engineering\Dtgw\dtgw.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe C:\WINDOWS.2\System32\snmp.exe C:\WINDOWS.2\system32\svchost.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\system32\mqsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe C:\WINDOWS.2\system32\mqtgsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS.2\system32\WgaTray.exe C:\WINDOWS.2\System32\svchost.exe C:\PROGRA~1\Efdece\NWP\Server\EFDECE~1.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Cisco Systems\SSL VPN Client\GUI.exe C:\WINDOWS.2\explorer.exe C:\WINDOWS.2\system32\notepad.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service') O4 - Startup: kfn.exe O4 - Startup: Dynomic ASP Dienst.url O4 - Startup: Users O4 - Startup: FreeMem.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - Software - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O15 - Trusted Zone: www.euroface.nl O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL O21 - SSODL: SysRom - {4c0ccfbf-5ebc-4ec6-890c-383eacf43e45} - C:\WINDOWS.2\Installer\{4c0ccfbf-5ebc-4ec6-890c-383eacf43e45}\SysRom.dll O21 - SSODL: DriveKernel - {bf1d6ad9-0a6d-498a-a033-9e83a190f4f3} - C:\WINDOWS.2\Installer\{bf1d6ad9-0a6d-498a-a033-9e83a190f4f3}\DriveKernel.dll O21 - SSODL: UnknownSys - {46fff31d-d617-46a0-be50-69d2c63154f3} - C:\WINDOWS.2\Installer\{46fff31d-d617-46a0-be50-69d2c63154f3}\UnknownSys.dll O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll O21 - SSODL: zip - {15f9f5ea-b65e-4665-b918-52e45a44d55f} - C:\WINDOWS.2\Installer\{15f9f5ea-b65e-4665-b918-52e45a44d55f}\zip.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Beveiligingsservice tegen virussen en spyware (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe O23 - Service: Universele Plug en Play-apparaathost upnphostlanmanserver (upnphostlanmanserver) - Unknown owner - C:\WINDOWS.2\system32\vgan.exe -- End of file - 11679 bytes
  • Verwijder ComboFix via [b:859c910f22]Start[/b:859c910f22] > [b:859c910f22]Uitvoeren[/b:859c910f22], kopiëer en plak [b:859c910f22]Combofix /U[/b:859c910f22] klik op OK of toets Enter. Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan. [img:859c910f22]http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG[/img:859c910f22] Wil je dan eerst dit tooltje laten runnen aub. Download: [url="http://home.hetnet.nl/~stefsmeenk/RVAXO.exe"][color="blue"][b:859c910f22]RVAXO.exe[/b:859c910f22][/color][/url] Sla het bestand op je bureaublad op, daarna mag je het dubbelklikken. Je kunt het programma laten uitpakken naar je bureaublad. Open nu de map RVAXO op je bureaublad en dubbelklik [b:859c910f22]RVAXO.cmd[/b:859c910f22] Er zal een schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal. [b:859c910f22]Mogelijk[/b:859c910f22] start er ook een uninstaller van een rogue scanner op, [b:859c910f22]sluit deze niet af[/b:859c910f22] maar volg eventuele aanwijzingen en laat deze zijn werk doen. Daarna zal je PC herstarten, na de herstart opent het venster van RVAXO opnieuw. Laat deze lopen en wacht tot er een logfile opent. Deze is eventueel ook hier te vinden: C:\[b:859c910f22]RVAXO-results.log[/b:859c910f22] Post de inhoud in je volgende bericht tesamen met een nieuw logje van HijackThis. Herstart je PC niet? Laat [b:859c910f22]RVAXO[/b:859c910f22] nog een keer lopen en post dan het nieuwe logje: [b:859c910f22]C:\rvaxo-results.log [/b:859c910f22]
  • Topicstarter heeft RVAXO al gebruikt, verwijder daarom eerst de oude versie van RVAXO. Open daarvoor de map RVAXO op je bureaublad en dubbelklik [b:438fec62f4]Uninstall[/b:438fec62f4].cmd Download RVAXO dan opnieuw: [url=http://home.hetnet.nl/~stefsmeenk/RVAXO.exe][color=blue:438fec62f4]RVAXO.exe[/color:438fec62f4][/url]
  • eerst even een samenvatting wat hij deed vanmorgen bij opnieuw opstarten . en eigenlijk steeds doet. Ik krijg met namelijk eerst een melding dat hij zoekt naar iets van s3.cookingluck.com. Als ik AVG draai dan kom ik het trojan.Qhost virus tegen , hij kan dit niet verwijderen. Google neemt volgens mij andere pagina's aan dus.Ook meldingen van systemdefender, syscleaner en windows security center. In de volgende post de logjes.
  • RVAXO kan ik wel downloaden maar niet openen!
  • U had hem toch wel eerst helemaal verwijderd toch. Het heeft echt geen zin om met andere scanners dan die ik aanbied te scannen want die krijgen het toch niet weg. Open de map RVAXO op je bureaublad en dubbelklik [b:600748626f]Uninstall.cmd[/b:600748626f] Dit zal alles van RVAXO doen verwijderen. Download: [url=http://home.hetnet.nl/~stefsmeenk/RVAXO.exe][color=blue:600748626f][b:600748626f]RVAXO.exe[/b:600748626f][/color:600748626f][/url] Sla het bestand op je bureaublad op, daarna mag je het dubbelklikken. Je kunt het programma laten uitpakken naar je bureaublad. Open nu de map RVAXO op je bureaublad en dubbelklik [b:600748626f]RVAXO.cmd[/b:600748626f] Er zal een schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal. [b:600748626f]Mogelijk[/b:600748626f] start er ook een uninstaller van een rogue scanner op, [b:600748626f]sluit deze niet af[/b:600748626f] maar volg eventuele aanwijzingen en laat deze zijn werk doen. Daarna zal je PC herstarten, na de herstart opent het venster van RVAXO opnieuw. Laat deze lopen en wacht tot er een logfile opent. Deze is eventueel ook hier te vinden: C:\[b:600748626f]RVAXO-results.log[/b:600748626f] Post de inhoud in je volgende bericht tesamen met een nieuw logje van HijackThis. Herstart je PC niet? Laat [b:600748626f]RVAXO[/b:600748626f] nog een keer lopen en post dan het nieuwe logje: [b:600748626f]C:\rvaxo-results.log [/b:600748626f]
  • ---RVAXO.exe Updated: [b:cd4fb4d04b]2008-02-13[/b:cd4fb4d04b]---first run--- [b:cd4fb4d04b]Files found:[/b:cd4fb4d04b] C:\WINDOWS.2\system32\spoolvs.exe C:\WINDOWS.2\system32\xlibgfl254.dll C:\Program Files\udefender_setup.exe C:\Program Files\ucleaner_setup.exe C:\Program Files\tmp359187.exe C:\Program Files\tmp359171.exe C:\Program Files\tmp359312.exe C:\Program Files\tmp152671.exe C:\Program Files\tmp156921.exe C:\Program Files\tmp359515.exe C:\Program Files\tmp52029890.exe C:\Program Files\tmp52030234.exe C:\Program Files\tmp359546.exe C:\Program Files\tmp2670953.exe C:\Program Files\tmp359375.exe C:\Program Files\tmp339968.exe C:\Program Files\tmp359703.exe C:\Program Files\tmp360703.exe C:\Program Files\tmp52031359.exe C:\Program Files\tmp52030984.exe C:\Program Files\tmp4982093.exe C:\Program Files\tmp4982062.exe C:\Program Files\tmp160515.exe C:\Program Files\tmp52031375.exe C:\Program Files\tmp52031562.exe C:\Program Files\tmp340906.exe C:\Program Files\tmp9751953.exe C:\Program Files\tmp52031468.exe C:\Program Files\tmp9757562.exe C:\Program Files\tmp340937.exe C:\Program Files\tmp163296.exe C:\Program Files\tmp52031703.exe C:\Program Files\tmp52032906.exe C:\Program Files\tmp12038546.exe C:\Program Files\tmp12038687.exe C:\Program Files\tmp341703.exe C:\Program Files\tmp808421.exe C:\Program Files\tmp353109.exe C:\Program Files\tmp12040187.exe C:\Program Files\tmp12040625.exe C:\Program Files\tmp380000.exe C:\Program Files\tmp380625.exe C:\Program Files\tmp12041281.exe C:\Program Files\tmp12039968.exe C:\Program Files\tmp381312.exe C:\Program Files\tmp821734.exe C:\Program Files\tmp902296.exe C:\Program Files\tmp402000.exe C:\Program Files\tmp2687046.exe C:\Program Files\tmp2695265.exe C:\Program Files\tmp2701562.exe C:\Program Files\tmp2708578.exe C:\Program Files\tmp2715625.exe C:\Program Files\tmp402796.exe C:\Program Files\tmp2724218.exe C:\Program Files\tmp2730593.exe C:\Program Files\tmp2738828.exe C:\Program Files\tmp2748218.exe C:\Program Files\tmp2756328.exe C:\Program Files\tmp2763000.exe C:\Program Files\tmp107750.exe C:\Program Files\tmp2770187.exe C:\Program Files\tmp107343.exe C:\Program Files\tmp1080578.exe C:\Program Files\tmp1089125.exe C:\Program Files\tmp1090953.exe C:\Program Files\tmp1090937.exe C:\Program Files\tmp1098453.exe C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\printer.exe C:\WINDOWS.2\shell.exe C:\WINDOWS.2\system32\printer.exe C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\PROGRA~1\Opstarten\findfast.exe C:\Documents And Settings\All Users.WINDOWS.2\Menu Start\PROGRA~1\Opstarten\autorun.exe C:\??.tmp [b:cd4fb4d04b]Uninstallers:[/b:cd4fb4d04b] [b:cd4fb4d04b]Folders Found:[/b:cd4fb4d04b] C:\Program Files\AntiVirusPro C:\Program Files\SystemDefender C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Application Data\ultra Hosts-file was reset, If you use a custom hosts file please replace it... --------------RVAXO.exe last run--------------- [b:cd4fb4d04b]Files found:[/b:cd4fb4d04b] [b:cd4fb4d04b]Folders Found:[/b:cd4fb4d04b] --------------RVAXO.exe finished---------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:43, on 2008-02-14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS.2\System32\smss.exe C:\WINDOWS.2\system32\winlogon.exe C:\WINDOWS.2\system32\services.exe C:\WINDOWS.2\system32\lsass.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\System32\svchost.exe C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS.2\system32\spoolsv.exe C:\WINDOWS.2\Explorer.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CS Engineering\Scheduler\schedulerd.exe C:\WINDOWS.2\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS.2\system32\HPZipm12.exe C:\WINDOWS.2\System32\snmp.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\system32\mqsvc.exe C:\WINDOWS.2\system32\mqtgsvc.exe C:\WINDOWS.2\system32\wuauclt.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\CS Engineering\Dtgw\dtgw.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS.2\system32\BluetoothAuthorizationAgent.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O2 - BHO: (no name) - {F8133731-A74D-4D0E-85C3-6B585E563EC3} - C:\WINDOWS.2\system32\STKIT43.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS.2\system32\BluetoothAuthorizationAgent.exe O4 - HKLM\..\Run: [AntiVirusPro] C:\Program Files\AntiVirusPro\AntiVirusPro.exe O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service') O4 - Startup: kfn.exe O4 - Startup: Dynomic ASP Dienst.url O4 - Startup: Users O4 - Startup: FreeMem.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - Software - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O15 - Trusted Zone: www.euroface.nl O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - (no file) O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Beveiligingsservice tegen virussen en spyware (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.2\system32\HPZipm12.exe O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe O23 - Service: Universele Plug en Play-apparaathost upnphostlanmanserver (upnphostlanmanserver) - Unknown owner - C:\WINDOWS.2\system32\vgan.exe -- End of file - 10429 bytes
  • steeds weer allerlei troep op min pc komt telekens weer terug. scan met AVG, Ad-aware gedaan. ook Combofix. Hier mijn log, wat betekenen de verwijzinegn bij 021? Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 00:58, on 2008-02-12 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS.2\System32\smss.exe C:\WINDOWS.2\system32\winlogon.exe C:\WINDOWS.2\system32\services.exe C:\WINDOWS.2\system32\lsass.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\System32\svchost.exe C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS.2\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CS Engineering\Scheduler\schedulerd.exe C:\WINDOWS.2\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS.2\system32\HPZipm12.exe C:\WINDOWS.2\System32\snmp.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\system32\svchost.exe C:\WINDOWS.2\system32\mqsvc.exe C:\WINDOWS.2\system32\mqtgsvc.exe C:\WINDOWS.2\system32\WgaTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\CS Engineering\Dtgw\dtgw.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents And Settings\Henk Grim.HENK-6H0YJSNWIW\Menu Start\Programma's\Opstarten\kfn.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS.2\explorer.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe C:\WINDOWS.2\system32\taskmgr.exe C:\Documents and Settings\Henk Grim.HENK-6H0YJSNWIW\Bureaublad\beveiliging\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - lboot32.dll (file missing) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [CS Engineering Desktop Gateway (HDN)] C:\Program Files\CS Engineering\Dtgw\dtgw.exe O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Lokale service') O4 - Startup: kfn.exe O4 - Startup: Dynomic ASP Dienst.url O4 - Startup: Users O4 - Startup: FreeMem.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O15 - Trusted Zone: www.euroface.nl O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://asp.dynomic.nl/CACHE/stc/1/binaries/stcweb.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://kadata.kadaster.nl/Plugin/mgaxctrl_6.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160997807234 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://cert.abz.nl/vspta3.cab O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} - http://virusscanasap.4sure.it/U4/enu/vs40/PushInstall/pushinst.cab O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{24B934A3-E9DA-4B4F-8527-2898E7CDB456}: NameServer = 85.255.115.59,85.255.112.121 O17 - HKLM\System\CCS\Services\Tcpip\..\{F017ADC3-E4B8-431E-972E-40B28A4BC86A}: NameServer = 85.255.115.59,85.255.112.121 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.59 85.255.112.121 O18 - Protocol: jit - {D6749987-7E8A-472C-AB19-8F3DF0C9109C} - C:\PROGRA~1\Efdece\NWP\Client\NWPPRO~1.DLL O21 - SSODL: PrxCheck - {8a93c1f8-a5c7-445c-825f-09a668f6b729} - C:\WINDOWS.2\Installer\{8a93c1f8-a5c7-445c-825f-09a668f6b729}\PrxCheck.dll O21 - SSODL: AlrtRunOnce - {7c406c10-92cf-4b56-a78e-af3659a52c0c} - C:\WINDOWS.2\Installer\{7c406c10-92cf-4b56-a78e-af3659a52c0c}\AlrtRunOnce.dll O21 - SSODL: ChkVolume - {a4f763a4-671e-4c43-b446-796255b0719a} - C:\WINDOWS.2\Installer\{a4f763a4-671e-4c43-b446-796255b0719a}\ChkVolume.dll O21 - SSODL: ChkBoot - {6f4308d5-2893-4ebb-a0cb-e00b26a994e4} - C:\WINDOWS.2\Installer\{6f4308d5-2893-4ebb-a0cb-e00b26a994e4}\ChkBoot.dll O21 - SSODL: MonKbd - {3cef0e7f-f062-40df-8df1-51510336b228} - C:\WINDOWS.2\Installer\{3cef0e7f-f062-40df-8df1-51510336b228}\MonKbd.dll O21 - SSODL: zip - {fe8b6a42-c5fb-4510-9b91-2f0111c2d77c} - C:\WINDOWS.2\Installer\{fe8b6a42-c5fb-4510-9b91-2f0111c2d77c}\zip.dll O21 - SSODL: CheckAvp - {c0f41b8b-3807-45ce-afea-a049bb8dd812} - C:\WINDOWS.2\Installer\{c0f41b8b-3807-45ce-afea-a049bb8dd812}\CheckAvp.dll -- End of file - 9877 bytes

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.