trojan horse.vundo.N

17 answers
  • I've recently been getting a lot of pop-ups and a slower computer.
    My AVG reported trojan horse.Generic10, trojan horse.vundo.N and
    trojan horse.vundo.O,
    but it can't remove them.
    I've also done an online scan with ESET, used Spybot, run FixVundo and used HouseCall.
    They do report that they removed a trojan horse, but I don't notice any difference. I also have Firefox, and I can use that without problems.
    The problem is that the computer has become really slow, and I've only had the computer for 3 weeks.
    PLEASE HELP :o

    I also did a scan with HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:07:47, on 11-5-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Packard Bell\FIJI\ABoard.exe
    C:\Program Files\Packard Bell\FIJI\AOSD.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\beheer\AppData\Local\Temp\cbXNHXRJ.dll,#1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll,c
    O4 - HKCU\..\Run: [54ac34f2] rundll32.exe "C:\Users\beheer\AppData\Local\Temp\ryjoilvo.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1210501557_9f1645dc653987ec3431944f277b43a9&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    End of file - 9055 bytes
  • Hello,

    Temporarily disable Windows Defender
    It can interfere with fixing with HJT (undoing the fix again)
    * Open Windows Defender > Click Tools
    * Click "General Settings" or Options
    * Scroll to "Real Time Protection Options"
    * Remove the check mark at "Turn on Real Time Protection (recommended)" > Click "Save"
    * Close Windows Defender
    (once the problems are over and your log has been declared clean again, you can turn it back on)

    Right-click the HijackThis program and choose "Run as Administrator"
    Choose 'Do a system scan only'
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\beheer\AppData\Local\Temp\cbXNHXRJ.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll,c
    O4 - HKCU\..\Run: [54ac34f2] rundll32.exe "C:\Users\beheer\AppData\Local\Temp\ryjoilvo.dll",b

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.

    Download ATF Cleaner (made by Atribune)
    Double-click ATF Cleaner to start the program.
    On the "Main" tab, put a check mark at Select All.
    Click the Empty Selected button.

    Do the following if you also have Firefox as a browser:
    Click the "Firefox" tab, put a check mark at Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the check mark at "Firefox saved passwords" again)
    Click the Empty Selected button.

    Do the following if you also have Opera as a browser:
    Click the "Opera" tab, put a check mark at Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    * Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
    * If an update is found, it will download and install the latest version.
    * When the program is fully up to date, select "Perform Quick Scan", then click Scan.
    * The scan may take a while, so be patient.
    * When the scan is complete, click OK, then "Show Results" to see the results.
    * Make sure everything there is checked, then click: Remove Selected.
    * After removal a log will open and you will be asked to restart the computer. (See the extra note below)
    * The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    * Copy and paste the results of the log in your next reply, together with a new HijackThis log.

    Extra note:
    If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. It will then ask to restart the computer… so allow MBAM to restart the computer.
    Restart the computer and post a new HJT log as well
  • I found all the files I have to remove in my HijackThis log, except for 1:
    O4 - HKCU\..\Run: [54ac34f2] rundll32.exe "C:\Users\beheer\AppData\Local\Temp\ryjoilvo.dll",b
    instead of that one there is 1 that looks very much like it:
    O4 - HKCU\..\Run: [54ac34f2] rundll32.exe "C:\Users\beheer\AppData\Local\Temp\efbxklfn.dll",b
    I haven't removed anything for now, in case it goes wrong
    should I show my new log now that Windows Defender is off?
  • It possibly changes its name after a reboot; iig run the Malwarebytes tool and post that log together with a new HJT log please.
  • do I still have to remove those files from the HijackThis log first?
    and what do you mean by: iig?
  • and remove this one as well then?
    O4 - HKCU\..\Run: [54ac34f2] rundll32.exe "C:\Users\beheer\AppData\Local\Temp\efbxklfn.dll",b
    I did the scan again but the file name stays the same (I restarted the computer)
  • run the Malwarebytes tool first now, In Ieder Geval (that is what iig stands for: in any case), otherwise we'll be at this forever.
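    Added example (my own code, not part of this thread and not from HijackThis or Malwarebytes): a small Python triage script for the two things the helper is doing by hand above. It parses the O4 autostart lines of a HijackThis log and flags the pattern singled out in the first reply, rundll32 loading a DLL from the user's AppData\Local\Temp, and it diffs two logs by Run-value name so that the 54ac34f2 entry shows up as the same persistence point even after its DLL was re-dropped as efbxklfn.dll instead of ryjoilvo.dll. The sample lines are copied from the first log posted here; the second log is constructed from the one line the poster quoted. The heuristics (the list of user-writable directories, hex-looking value names, single-letter or ordinal exports) are my own assumptions, not rules defined by either tool.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# One HijackThis "O4" autostart line, e.g.
#   O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll,c
# The hive part may itself contain backslashes (HKUS\S-1-5-19), hence the lazy match.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")

# rundll32 command lines: optionally quoted DLL path, then ",export" where the
# export may be a proper name (NvStartup), a single letter (c, b) or an ordinal (#1).
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S*)', re.I)

# Path fragments any standard user can write to (assumed list; extend as needed).
USER_WRITABLE = (r"\appdata\local\temp", r"\windows\temp", r"\users\public")

# Value names such as 54ac34f2 are a hex blob rather than a product name.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.I)


@dataclass
class O4Entry:
    hive: str
    name: str
    cmd: str
    dll: Optional[str] = None
    export: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one log line; return None for anything that is not an O4 Run entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = O4Entry(m["hive"], m["name"], m["cmd"])
    r = RUNDLL_RE.match(entry.cmd)
    if r:
        entry.dll, entry.export = r["dll"], r["export"]
        if any(frag in entry.dll.lower() for frag in USER_WRITABLE):
            entry.reasons.append("rundll32 loads a DLL from a user-writable directory")
            # Only meaningful together with the location: vendor entries name
            # their export (NvStartup, ShowWelcomeCenter), the droppers do not.
            if entry.export.startswith("#") or len(entry.export) == 1:
                entry.reasons.append(f"anonymous export '{entry.export}'")
    if HEX_NAME_RE.match(entry.name):
        entry.reasons.append("hex-blob Run value name")
    return entry


def triage(log_text: str) -> List[O4Entry]:
    """All O4 Run entries of a HijackThis log, in log order, with reasons filled in."""
    return [e for e in map(parse_o4, log_text.splitlines()) if e is not None]


def redropped(old_log: str, new_log: str) -> Dict[str, Tuple[str, str]]:
    """Run-value names present in both logs whose rundll32 DLL path changed.

    The malware keeps the value name and swaps in a freshly named DLL after a
    reboot, so the value name, not the file name, is the stable thing to track.
    """
    old = {e.name: e.dll for e in triage(old_log) if e.dll}
    new = {e.name: e.dll for e in triage(new_log) if e.dll}
    return {n: (old[n], new[n]) for n in old.keys() & new.keys() if old[n] != new[n]}


# Sample input: O4 lines copied from the first log in the thread (plus one O2 line
# to show that non-O4 lines are ignored).
LOG_A = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\beheer\AppData\Local\Temp\cbXNHXRJ.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll,c
O4 - HKCU\..\Run: [54ac34f2] rundll32.exe "C:\Users\beheer\AppData\Local\Temp\ryjoilvo.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# Constructed second log: the same machine after a reboot, with the one line the
# poster quoted (54ac34f2 now pointing at efbxklfn.dll) in place of the original.
LOG_B = LOG_A.replace("ryjoilvo.dll", "efbxklfn.dll")

if __name__ == "__main__":
    for e in triage(LOG_A):
        tag = "SUSPECT" if e.suspicious else "ok"
        print(f"{tag:7} [{e.name}] {e.cmd}" + (f"  <- {'; '.join(e.reasons)}" if e.reasons else ""))
    for name, (before, after) in redropped(LOG_A, LOG_B).items():
        print(f"re-dropped under the same value name [{name}]: {before} -> {after}")
```

    Run it on a pasted log to get a first cut; it deliberately keys on the location of the DLL rather than on the random-looking file name, because the file name is exactly what changes between reboots while the HKCU Run value and the Temp directory stay the same.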
  • HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:03:01, on 13-5-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Packard Bell\FIJI\ABoard.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Packard Bell\FIJI\AOSD.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll,c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1210501557_9f1645dc653987ec3431944f277b43a9&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    End of file - 8642 bytes

    Malwarebytes log:
    Malwarebytes' Anti-Malware 1.12
    Database version: 744

    Scan type: Quick Scan
    Objects scanned: 33462
    Time elapsed: 2 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\54ac34f2 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Users\beheer\AppData\Local\Temp\ryjoilvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\beheer\AppData\Local\Temp\efbxklfn.dll (Trojan.Agent) -> Delete on reboot.

    I have now deleted all those files except that one, which possibly changed its name
    I still get an error message when I start my computer, only now it can't open a different file
  • right,

    Temporarily disable Windows Defender
    It can interfere with fixing with HJT (undoing the fix again)
    * Open Windows Defender > Click Tools
    * Click "General Settings" or Options
    * Scroll to "Real Time Protection Options"
    * Remove the check mark at "Turn on Real Time Protection (recommended)" > Click "Save"
    * Close Windows Defender
    (once the problems are over and your log has been declared clean again, you can turn it back on)

    Right-click the HijackThis program and choose "Run as Administrator"
    Choose 'Do a system scan only'
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll,c

    Click 'Fix checked' to remove the items.

    Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

    If you use Vista, the Recovery Console does not need to be installed.
    If anything is unclear, just ask.
    When the tool is finished, a log file opens (C:\combofix.txt).
    Post the contents of this file together with a new HijackThis log.
  • on that ComboFix link I run into a small problem.
    it says the following:
    Do not start ComboFix yet, as a few other steps have to be taken first.

    We advise installing the Windows Recovery Console now. The Windows Recovery Console lets you boot into a special recovery mode that gives us the ability to assist you in case your computer runs into a problem after an attempt to remove malware.
    Windows Vista users can use their Windows CD to boot into the Vista Recovery Environment.

    I didn't get any CD with my computer, so can I use this at all?
  • OOPS, sorry, I already see that I don't need that ^.^
  • my ComboFix log:

    ComboFix 08-05-12.1 - beheer 2008-05-13 23:17:26.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1270 [GMT 2:00]
    Started from: C:\Users\beheer\Desktop\ComboFix.exe
    * New restore point was created
    .

    (((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))
    .

    2008-05-13 20:20 . 2008-05-13 20:20 <DIR> d-------- C:\Users\beheer\AppData\Roaming\Malwarebytes
    2008-05-13 20:20 . 2008-05-13 20:20 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-05-13 20:20 . 2008-05-13 20:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-13 20:20 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-05-13 20:20 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-05-11 16:07 . 2008-05-11 16:07 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-11 15:10 . 2008-05-11 15:10 <DIR> d-------- C:\Users\All Users\Messenger Plus!
    2008-05-11 15:10 . 2008-05-11 15:11 <DIR> d-------- C:\Program Files\StuffPlug3
    2008-05-11 14:57 . 2008-05-11 16:01 <DIR> d-------- C:\Program Files\Messenger Plus! Live
    2008-05-11 12:58 . 2008-05-13 20:15 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-11 12:58 . 2008-05-11 12:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-11 12:58 . 2008-05-11 13:50 524,288 --ahs---- C:\ntuser.dat{4a26fe53-1f34-11dd-9c2f-001c2532cb35}.TMContainer00000000000000000002.regtrans-ms
    2008-05-11 12:58 . 2008-05-11 13:50 524,288 --ahs---- C:\ntuser.dat{4a26fe53-1f34-11dd-9c2f-001c2532cb35}.TMContainer00000000000000000001.regtrans-ms
    2008-05-11 12:58 . 2008-05-11 13:50 65,536 --ahs---- C:\ntuser.dat{4a26fe53-1f34-11dd-9c2f-001c2532cb35}.TM.blf
    2008-05-11 12:26 . 2008-05-11 12:26 <DIR> d-------- C:\Program Files\Sun
    2008-05-11 12:25 . 2008-05-11 12:26 <DIR> d-------- C:\Program Files\Java
    2008-05-11 12:24 . 2008-05-11 12:24 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-11 10:59 . 2008-05-11 12:07 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-05-11 10:27 . 2008-05-11 13:50 262,144 --a------ C:\ntuser.dat
    2008-05-11 10:27 . 2008-05-11 13:50 5,120 --ah----- C:\ntuser.dat.LOG1
    2008-05-11 10:27 . 2008-05-11 12:58 0 --ah----- C:\ntuser.dat.LOG2
    2008-05-08 14:42 . 2008-05-13 20:58 <DIR> dr-h-c--- C:\$VAULT$.AVG
    2008-05-07 22:46 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
    2008-05-07 22:45 . 2008-05-07 22:45 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-05-07 22:44 . 2008-05-07 22:44 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-05-07 22:42 . 2008-05-07 22:42 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-05-07 22:41 . 2008-05-08 02:57 <DIR> d-------- C:\Users\All Users\Microsoft Help
    2008-05-07 22:37 . 2008-05-07 22:37 <DIR> dr-h-c--- C:\MSOCache
    2008-05-07 22:13 . 2008-05-07 22:13 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-05-07 22:11 . 2008-05-08 00:24 <DIR> d-------- C:\Program Files\World of Warcraft
    2008-05-07 15:52 . 2008-05-07 15:52 <DIR> d-------- C:\Users\All Users\Apple Computer
    2008-05-07 15:52 . 2008-05-07 15:53 <DIR> d-------- C:\Program Files\QuickTime
    2008-05-07 15:51 . 2008-05-07 15:51 <DIR> d-------- C:\Program Files\Common Files\Kodak
    2008-05-07 15:50 . 2008-05-07 15:52 <DIR> d-------- C:\Program Files\Kodak
    2008-05-07 15:49 . 2008-05-07 15:53 <DIR> d-------- C:\Users\All Users\Kodak
    2008-05-06 09:17 . 2008-05-06 09:17 <DIR> d-------- C:\Users\beheer\AppData\Roaming\DivX
    2008-05-05 21:45 . 2008-05-05 21:45 <DIR> d-------- C:\Program Files\DivX
    2008-05-05 21:45 . 2008-05-07 15:51 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-05-04 19:18 . 2008-05-04 19:18 <DIR> d-------- C:\Program Files\TibiaBot NG
    2008-05-02 11:15 . 2008-05-02 11:15 <DIR> d-------- C:\Program Files\EA SPORTS
    2008-04-29 20:01 . 2008-04-29 20:01 98,304 --a------ C:\Windows\System32\CmdLineExt.dll
    2008-04-29 19:56 . 2008-04-29 20:12 <DIR> d-------- C:\Program Files\Prey
    2008-04-29 15:00 . 2008-04-29 15:00 <DIR> d--hs---- C:\Windows\ftpcache
    2008-04-29 14:56 . 2008-04-29 14:56 <DIR> d-------- C:\Program Files\id Software
    2008-04-28 10:41 . 2008-04-28 10:41 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
    2008-04-25 17:01 . 2008-04-25 17:01 <DIR> d-------- C:\Program Files\Ubi Soft
    2008-04-24 17:14 . 2008-04-26 11:21 184,506,877 --a------ C:\Windows\MEMORY.DMP
    2008-04-23 19:19 . 2008-04-23 20:30 <DIR> d-------- C:\Program Files\EA GAMES
    2008-04-23 19:19 . 2005-02-26 07:34 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
    2008-04-22 15:25 . 2008-04-22 15:25 331 --a------ C:\Windows\doom3.ini
    2008-04-22 15:20 . 2008-04-22 15:24 <DIR> d-------- C:\Program Files\DOOM 3
    2008-04-21 14:29 . 2008-04-21 14:29 <DIR> d——– C:\Program Files\DAEMON Tools Lite
    2008-04-21 14:26 . 2008-04-21 14:26 <DIR> d——– C:\Users\beheer\AppData\Roaming\DAEMON Tools
    2008-04-21 14:26 . 2008-04-21 14:26 717,296 –a—— C:\Windows\System32\drivers\sptd.sys
    2008-04-20 20:24 . 2008-04-20 20:27 <DIR> d——– C:\Users\beheer\AppData\Roaming\Bioshock
    2008-04-20 19:45 . 2008-04-20 19:45 <DIR> d——– C:\Program Files\Guitar Pro 5
    2008-04-20 15:34 . 2008-04-20 15:34 <DIR> d—-c— C:\Team17
    2008-04-20 15:34 . 1997-08-26 12:06 315,904 –a—— C:\Windows\IsUninst.exe
    2008-04-20 15:34 . 2008-04-20 15:35 47,104 –a—— C:\Windows\System32\KMVIDC32.DLL
    2008-04-20 12:28 . 2008-05-08 15:46 <DIR> d——– C:\Users\beheer\AppData\Roaming\uTorrent
    2008-04-19 23:13 . 2008-05-06 14:12 <DIR> d——– C:\Users\beheer\AppData\Roaming\Tibia
    2008-04-19 23:13 . 2008-05-05 20:45 <DIR> d——– C:\Program Files\Tibia
    2008-04-19 18:54 . 2000-01-14 18:14 45,568 –a—— C:\Windows\UniFish3.exe
    2008-04-19 18:53 . 2008-04-19 18:53 <DIR> d——– C:\Program Files\Hasbro Interactive
    2008-04-19 15:56 . 2008-05-06 17:12 <DIR> d-a—— C:\Users\All Users\TEMP
    2008-04-19 15:33 . 2008-05-11 16:31 <DIR> d——– C:\Program Files\Steam
    2008-04-19 15:33 . 2008-05-11 16:15 <DIR> d——– C:\Program Files\Common Files\Steam
    2008-04-19 15:16 . 2008-04-19 15:16 <DIR> d——– C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-04-19 15:07 . 2008-04-19 15:07 <DIR> d——– C:\Windows\PCHEALTH
    2008-04-19 15:03 . 2008-04-19 15:07 <DIR> d——– C:\Program Files\Windows Live
    2008-04-19 15:03 . 2008-04-19 15:07 <DIR> d–hsc— C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-19 15:02 . 2008-04-19 15:02 <DIR> d——– C:\Users\All Users\WLInstaller
    2008-04-19 13:58 . 2008-04-19 13:58 <DIR> d——– C:\Users\All Users\Disney Imagineering
    2008-04-19 13:57 . 2008-04-19 13:57 <DIR> d——– C:\Program Files\Common Files\SWF Studio
    2008-04-19 13:53 . 2008-04-19 13:53 <DIR> d——– C:\Users\All Users\Roaming
    2008-04-19 13:53 . 2008-04-19 13:53 <DIR> d——– C:\Program Files\Disney Imagineering
    2008-04-19 13:53 . 2008-04-19 13:57 1,265 –a—— C:\Windows\disney.ini
    2008-04-19 13:44 . 1998-10-09 14:36 327,168 –a—— C:\Windows\IsUn0413.exe
    2008-04-19 12:08 . 2006-12-15 22:19 897,024 –a—— C:\Windows\System32\hpotiop1.dll
    2008-04-19 12:08 . 2006-12-15 22:19 675,840 –a—— C:\Windows\System32\hpowiav1.dll
    2008-04-19 12:08 . 2006-12-15 22:19 303,104 –a—— C:\Windows\System32\hpovst01.dll
    2008-04-19 12:08 . 2006-12-29 09:57 117,760 –a—— C:\Windows\System32\hpz3l4v2.dll
    2008-04-19 11:57 . 2008-04-19 11:57 194,560 –a—— C:\Windows\System32\WebClnt.dll
    2008-04-19 11:57 . 2008-04-19 11:57 110,080 –a—— C:\Windows\System32\drivers\mrxdav.sys
    2008-04-19 11:56 . 2008-04-19 11:56 8,147,968 –a—— C:\Windows\System32\wmploc.DLL
    2008-04-19 11:56 . 2008-04-19 11:56 1,060,920 –a—— C:\Windows\System32\drivers\ntfs.sys
    2008-04-19 11:56 . 2008-04-19 11:56 356,864 –a—— C:\Windows\System32\MediaMetadataHandler.dll
    2008-04-19 11:56 . 2008-04-19 11:56 41,984 –a—— C:\Windows\System32\drivers\monitor.sys
    2008-04-19 11:56 . 2008-04-19 11:56 7,680 –a—— C:\Windows\System32\spwmp.dll
    2008-04-19 11:56 . 2008-04-19 11:56 4,096 –a—— C:\Windows\System32\msdxm.ocx
    2008-04-19 11:56 . 2008-04-19 11:56 4,096 –a—— C:\Windows\System32\dxmasf.dll
    2008-04-19 11:54 . 2008-04-19 11:54 1,327,104 –a—— C:\Windows\System32\quartz.dll
    2008-04-19 11:53 . 2008-05-11 09:39 <DIR> d——– C:\Users\beheer\AppData\Roaming\AVG7
    2008-04-19 11:53 . 2008-04-19 11:53 1,585,664 –a—— C:\Windows\System32\setupapi.dll
    2008-04-19 11:52 . 2008-04-19 11:52 <DIR> d——– C:\Users\All Users\Grisoft
    2008-04-19 11:52 . 2008-04-24 14:04 <DIR> d——– C:\Users\All Users\avg7
    2008-04-19 11:51 . 2008-04-19 11:51 2,027,008 –a—— C:\Windows\System32\win32k.sys
    2008-04-19 11:51 . 2008-04-19 11:51 296,448 –a—— C:\Windows\System32\gdi32.dll
    2008-04-19 11:51 . 2008-04-19 11:51 223,232 –a—— C:\Windows\System32\WMASF.DLL
    2008-04-19 11:51 . 2008-04-19 11:51 9,728 –a—— C:\Windows\System32\LAPRXY.DLL
    2008-04-19 11:51 . 2008-04-19 11:51 2,048 –a—— C:\Windows\System32\asferror.dll
    2008-04-19 11:50 . 2008-04-19 11:50 4,247,552 –a—— C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-04-19 11:50 . 2008-04-19 11:50 1,686,528 –a—— C:\Windows\System32\gameux.dll
    2008-04-19 11:50 . 2008-04-19 11:50 737,792 –a—— C:\Windows\System32\inetcomm.dll
    2008-04-19 11:50 . 2008-04-19 11:50 84,480 –a—— C:\Windows\System32\INETRES.dll
    2008-04-19 11:50 . 2008-04-19 11:50 11,776 –a—— C:\Windows\System32\sbunattend.exe
    2008-04-19 11:48 . 2008-04-19 11:48 788,992 –a—— C:\Windows\System32\rpcrt4.dll
    2008-04-19 11:48 . 2008-04-19 11:48 130,048 –a—— C:\Windows\System32\drivers\srv2.sys
    2008-04-19 11:48 . 2008-04-19 11:48 101,888 –a—— C:\Windows\System32\drivers\mrxsmb.sys
    2008-04-19 11:48 . 2008-04-19 11:48 84,992 –a—— C:\Windows\System32\drivers\srvnet.sys
    2008-04-19 11:48 . 2008-04-19 11:48 83,968 –a—— C:\Windows\System32\dnsrslvr.dll
    2008-04-19 11:48 . 2008-04-19 11:48 58,368 –a—— C:\Windows\System32\drivers\mrxsmb20.sys
    2008-04-19 11:48 . 2008-04-19 11:48 24,576 –a—— C:\Windows\System32\dnscacheugc.exe
    2008-04-19 11:46 . 2008-04-19 11:46 <DIR> d——– C:\Program Files\MSXML 4.0
    2008-04-19 11:45 . 2008-04-19 11:45 750,080 –a—— C:\Windows\System32\qmgr.dll
    2008-04-19 11:45 . 2008-04-19 11:45 2,048 –a—— C:\Windows\System32\tzres.dll
    2008-04-19 11:44 . 2008-04-19 11:44 <DIR> d——– C:\Users\beheer\AppData\Roaming\Talkback
    2008-04-19 11:44 . 2008-04-19 11:44 1,244,672 –a—— C:\Windows\System32\mcmde.dll
    2008-04-19 11:40 . 2008-04-19 11:40 16 –a—— C:\Windows\System32\coh.cache
    2008-04-19 11:34 . 2008-04-26 18:21 <DIR> d——– C:\Users\beheer\AppData\Roaming\Roxio
    2008-04-19 11:34 . 2008-04-19 12:28 <DIR> d——– C:\Users\beheer\AppData\Roaming\CyberLink
    2008-04-19 11:33 . 2008-04-19 11:33 <DIR> dr——- C:\Users\beheer\Searches
    2008-04-19 11:33 . 2008-04-19 11:38 <DIR> d——– C:\Users\beheer\AppData\Roaming\Packard Bell
    2008-04-19 11:32 . 2008-04-19 20:46 <DIR> dr——- C:\Users\beheer\Contacts
    2008-04-19 11:27 . 2008-05-05 21:45 <DIR> dr——- C:\Users\beheer\Videos

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-07 20:45 ——— d—–w C:\Program Files\MSBuild
    2008-04-29 17:56 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-04-21 11:41 ——— d—–w C:\Program Files\Picasa2
    2008-04-20 10:33 ——— d—–w C:\Program Files\Microsoft Games
    2008-04-19 15:25 ——— d—–w C:\Program Files\Google
    2008-04-19 11:53 ——— d—–w C:\Program Files\Common Files\InstallShield
    2008-04-19 11:49 4,608 —-a-w C:\Windows\System32\w95inf32.dll
    2008-04-19 11:49 2,272 —-a-w C:\Windows\System32\w95inf16.dll
    2008-04-19 10:00 ——— d—–w C:\Program Files\Windows Sidebar
    2008-04-19 10:00 ——— d—–w C:\Program Files\Windows Mail
    2008-04-19 09:58 704,000 —-a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-04-19 09:58 67,584 —-a-w C:\Windows\System32\wlanhlp.dll
    2008-04-19 09:58 542,720 —-a-w C:\Windows\System32\sysmain.dll
    2008-04-19 09:58 502,784 —-a-w C:\Windows\System32\wlansvc.dll
    2008-04-19 09:58 47,104 —-a-w C:\Windows\System32\wlanapi.dll
    2008-04-19 09:58 297,984 —-a-w C:\Windows\System32\wlansec.dll
    2008-04-19 09:58 290,816 —-a-w C:\Windows\System32\wlanmsm.dll
    2008-04-19 09:58 258,232 —-a-w C:\Windows\system32\drivers\acpi.sys
    2008-04-19 09:58 24,064 —-a-w C:\Windows\System32\wtsapi32.dll
    2008-04-19 09:58 2,923,520 —-a-w C:\Windows\explorer.exe
    2008-04-19 09:52 944,184 —-a-w C:\Windows\System32\winload.exe
    2008-04-19 09:50 537,600 —-a-w C:\Windows\AppPatch\AcLayers.dll
    2008-04-19 09:50 449,536 —-a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-04-19 09:50 2,560 —-a-w C:\Windows\AppPatch\AcRes.dll
    2008-04-19 09:50 2,144,256 —-a-w C:\Windows\AppPatch\AcGenral.dll
    2008-04-19 09:50 173,056 —-a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-04-19 09:47 826,368 —-a-w C:\Windows\System32\wininet.dll
    2008-04-19 09:47 56,320 —-a-w C:\Windows\System32\iesetup.dll
    2008-04-19 09:47 52,736 —-a-w C:\Windows\AppPatch\iebrshim.dll
    2008-04-19 09:47 26,624 —-a-w C:\Windows\System32\ieUnatt.exe
    2008-04-19 09:43 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2008-03-31 21:25 831,488 —-a-w C:\Windows\System32\divx_xx0a.dll
    2008-03-31 21:25 823,296 —-a-w C:\Windows\System32\divx_xx0c.dll
    2008-03-31 21:25 823,296 —-a-w C:\Windows\System32\divx_xx07.dll
    2008-03-31 21:25 802,816 —-a-w C:\Windows\System32\divx_xx11.dll
    2008-03-31 21:25 682,496 —-a-w C:\Windows\System32\DivX.dll
    2008-03-31 21:25 161,096 —-a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-03-21 20:30 524,288 —-a-w C:\Windows\System32\DivXsm.exe
    2008-03-21 20:30 3,596,288 —-a-w C:\Windows\System32\qt-dx331.dll
    2008-03-21 20:30 200,704 —-a-w C:\Windows\System32\ssldivx.dll
    2008-03-21 20:30 1,044,480 —-a-w C:\Windows\System32\libdivx.dll
    2008-03-21 20:28 81,920 —-a-w C:\Windows\System32\dpl100.dll
    2008-03-21 20:28 593,920 —-a-w C:\Windows\System32\dpuGUI11.dll
    2008-03-21 20:28 57,344 —-a-w C:\Windows\System32\dpv11.dll
    2008-03-21 20:28 53,248 —-a-w C:\Windows\System32\dpuGUI10.dll
    2008-03-21 20:28 344,064 —-a-w C:\Windows\System32\dpus11.dll
    2008-03-21 20:28 294,912 —-a-w C:\Windows\System32\dpu11.dll
    2008-03-21 20:28 294,912 —-a-w C:\Windows\System32\dpu10.dll
    2008-03-21 20:28 196,608 —-a-w C:\Windows\System32\dtu100.dll
    2008-03-21 20:28 12,288 —-a-w C:\Windows\System32\DivXWMPExtType.dll
    2007-09-18 21:33 174 –sha-w C:\Program Files\desktop.ini
    .

    ——- Sigcheck ——-

    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-19 11:50 1232896]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-19 09:10 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:15 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:15 8466432]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:15 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
    "ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 14:03 79416]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 11:52 579584]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-05-05 20:46 1179256]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-19 11:52 219136]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-04-19 11:52 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{2D53509A-3ED5-4CC3-9F34-6A268EE77BC5}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{D970F797-5F19-4867-BEAB-05231C597985}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{47021227-DEE2-46B1-8404-F8BA768AE001}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{BD6B22E4-13ED-419C-988A-A75B3DC712EE}C:\\program files\\steam\\steamapps\\benniejuckers\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\benniejuckers\counter-strike source\hl2.exe:hl2
    "UDP Query User{8621F41B-D3F1-438F-9729-785047B2B4C2}C:\\program files\\steam\\steamapps\\benniejuckers\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\benniejuckers\counter-strike source\hl2.exe:hl2
    "TCP Query User{F10CE4DA-0307-4046-939D-8725A708CFEF}C:\\users\\beheer\\desktop\\utorrent.exe"= UDP:C:\users\beheer\desktop\utorrent.exe:utorrent.exe
    "UDP Query User{0109AE69-AB1F-43E2-B426-EDE9EDC5B7A3}C:\\users\\beheer\\desktop\\utorrent.exe"= TCP:C:\users\beheer\desktop\utorrent.exe:utorrent.exe
    "TCP Query User{7B621949-9CC8-45E8-90F5-A991AB24CBB0}C:\\team17\\worms2\\frontend.exe"= UDP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
    "UDP Query User{937C11A0-490D-40E3-A0B1-3BBD9FE006CA}C:\\team17\\worms2\\frontend.exe"= TCP:C:\team17\worms2\frontend.exe:Worms 2 Frontend
    "TCP Query User{0F215929-FA5A-4CCF-A64C-8C95BF29CC4B}C:\\program files\\steam\\steamapps\\common\\quake ii demo\\quake2.exe"= UDP:C:\program files\steam\steamapps\common\quake ii demo\quake2.exe:quake2
    "UDP Query User{65BB292A-0895-4205-97D6-9BDD4FF7FC6B}C:\\program files\\steam\\steamapps\\common\\quake ii demo\\quake2.exe"= TCP:C:\program files\steam\steamapps\common\quake ii demo\quake2.exe:quake2
    "{083CA4CC-315A-40FB-8D8F-D4B4EDB2E280}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{90EA6059-5A76-4C84-84D3-A963C3204430}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{C78C6D22-7C31-45B6-BD16-BBD89C3355AA}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{EAC5E012-18A5-4AA9-BBBC-2D8F7E7535C4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F31901A9-9B74-4D45-81B2-60B0DA612B16}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-04-19 11:52]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-11 16:15]

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-05-07 14:42:26 C:\Windows\Tasks\EasyShare Registration Task.job"
    - C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.20.2.sxt _RegistrationOffer@16
    "2008-05-13 20:59:59 C:\Windows\Tasks\Recovery DVD Creator.job"
    - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-13 23:20:11
    Windows 6.0.6000 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-05-13 23:20:54
    ComboFix-quarantined-files.txt 2008-05-13 21:20:46

    Pre-Run: 358,822,993,920 bytes beschikbaar
    Post-Run: 359,750,053,888 bytes beschikbaar

    271 — E O F — 2008-05-09 10:49:32


    my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:03:01, on 13-5-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Packard Bell\FIJI\ABoard.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Packard Bell\FIJI\AOSD.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll,c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1210501557_9f1645dc653987ec3431944f277b43a9&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    End of file - 8642 bytes
  • Right-click the HijackThis program and choose "Run as Administrator".
    Choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll,c

    Click 'Fix checked' to remove the items.

    Empty your temp folder.

    Are there still any problems?
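A small triage script for the HijackThis log format, added here as an example (it is not part of the original thread and not a HijackThis feature): it picks out the same two kinds of entries the reply above tells the poster to fix, an O4 Run entry that loads a DLL out of a Temp directory through rundll32.exe, and R0/R1 Internet Explorer search values left empty. The regular expressions and the "DLL under Temp" heuristic are my own assumptions, and the sample log is a trimmed copy of lines from the 13-5-2008 log posted above.

```python
import re
from dataclasses import dataclass
from typing import List

# Trimmed copy of lines from the HijackThis log posted in this thread
# (13-5-2008 scan), embedded so the example runs offline.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\beheer\AppData\Local\Temp\hgGawVMc.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
"""

# "O4 - <hive>: [<value name>] <command>"  (registry Run entries only; the
# "Global Startup" shortcut form has no [name] and is not matched).
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# "R0/R1 - <key>,<value> = <data>"  (Internet Explorer start/search settings).
R_RE = re.compile(r'^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$')

# Assumed heuristic: rundll32 loading a DLL whose path runs through a Temp
# directory (Vista "AppData\Local\Temp", XP "Local Settings\Temp", or any
# plain "Temp" component). Legitimate Run entries point at Program Files,
# System32 or the like, never at a user's Temp folder.
TEMP_DLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?'
    r'(?P<dll>[A-Za-z]:\\(?:[^"\\,]+\\)*'
    r'(?:AppData\\Local\\Temp|Local Settings\\Temp|Temp)\\[^"\\,]+\.dll)'
    r'"?\s*,\s*(?P<export>\S*)',
    re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line in the log
    rule: str      # which heuristic fired
    detail: str    # human-readable explanation
    line: str      # the original log line, as HijackThis shows it


def triage(log_text: str) -> List[Finding]:
    """Return the suspicious entries found in a HijackThis log, in log order."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            t = TEMP_DLL_RE.search(m.group('cmd'))
            if t:
                detail = (f"{m.group('hive')} value '{m.group('name')}' loads "
                          f"{t.group('dll')} (export '{t.group('export')}') via rundll32")
                findings.append(Finding(line_no, 'rundll32-temp-dll', detail, line))
            continue
        m = R_RE.match(line)
        if m and not m.group('data'):
            # An IE search setting with no data is a hijack leftover; HijackThis
            # resets it to the default when the line is fixed.
            detail = f"{m.group('key')} {m.group('value')} is empty"
            findings.append(Finding(line_no, 'empty-ie-search-value', detail, line))
    return findings


def fix_list(findings: List[Finding]) -> List[str]:
    """The exact log lines to tick under 'Fix checked'."""
    return [f.line for f in findings]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.rule}] {f.detail}")
```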
  • new log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:26:47, on 14-5-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Packard Bell\FIJI\ABoard.exe
    C:\Program Files\Packard Bell\FIJI\AOSD.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1210501557_9f1645dc653987ec3431944f277b43a9&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


    End of file - 8397 bytes

    The last time I opened HijackThis I hadn't run it as admin;
    this time I did, and now I can't find those files.
    I no longer get an error message when the computer starts up, so is it all right like this?
  • Excellent, even; it's clean like this.
  • Thanks a lot :D I've never had trouble with malware before, and with my new computer it hit right away.
    I still don't know how I got the virus, but fortunately it's gone now; thanks again.
  • Glad to hear it. :D


This is an archived page. Replying is no longer possible.