Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

msn-virus

None
15 antwoorden
  • goeiedag ik heb helaas ook een msn virusje, ondanks dat ik er geen een heb aangeklikt oid. mijn vrienden krijgen af en toe een bericht van me waarin het volgende staat:

    Wow I finally found a way to lose weight and is inexpensive. Try 5 dollars and I lost 9 pounds in 15 days. Check it out also, I hope it can help you too

    ik hoop dat iemand iets kan vinden! heb meerdere malen gescand met avg en adaware maar niets te vinden! bij voorbaat dank dennis!
    hieronder een hjt logje:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:55:35, on 23-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\chimpie\Documents\dennis\beveiliging\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.hyves.nl
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com
    dqnbk/downloads/sysinfo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02
    esources/VistaMSNPUpldnl-nl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1228467101907&h=cf9948a44cfaf8cc3af6fac0228a6793/&filename=jinstall-6u11-windows-i586-jc.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 10596 bytes
  • Start hijackthis en kies voor 'do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    [b:0a9de80230]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab[/b:0a9de80230]

    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.



    Download [b:0a9de80230]MalwareBytes' Anti-Malware[/color:0a9de80230][/b:0a9de80230] en sla het op je bureaublad op.
    Dubbelklik op [b:0a9de80230]mbam-setup.exe[/b:0a9de80230] om het programma te installeren.

    Zorg dat er na de installatie een vinkje is geplaatst bij:[list:0a9de80230]
    [*:0a9de80230]Update MalwareBytes' Anti-Malware
    [*:0a9de80230]Start MalwareBytes' Anti-Malware
    [/list:u:0a9de80230]Klik daarna op "[b:0a9de80230]Voltooien[/b:0a9de80230]".
    Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:0a9de80230]
    [*:0a9de80230]Zodra het programma gestart is, ga dan naar het tabblad "[b:0a9de80230]Instellingen[/b:0a9de80230]".
    [*:0a9de80230]Vink hier aan: "[b:0a9de80230]Sluit Internet Explorer tijdens verwijdering van malware[/b:0a9de80230]".
    [*:0a9de80230]Ga daarna naar het tabblad "[b:0a9de80230]Scanner[/b:0a9de80230]", kies hier voor "[b:0a9de80230]Snelle Scan[/b:0a9de80230]".
    [*:0a9de80230]Druk vervolgens op "[b:0a9de80230]Scannen[/b:0a9de80230]" om de scan te starten.
    [*:0a9de80230]Het scannen kan een tijdje duren, dus wees geduldig.

    [*:0a9de80230]Wanneer de scan voltooid is, klik op [b:0a9de80230]OK[/b:0a9de80230], daarna "[b:0a9de80230]Bekijk Resultaten[/b:0a9de80230]" om de resultaten te zien.
    [*:0a9de80230]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:0a9de80230]Verwijder geselecteerde[/b:0a9de80230]".
    [*:0a9de80230]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [/list:u:0a9de80230]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:0a9de80230]Logs[/b:0a9de80230]" tab te klikken in het programma.

    Plaats dit logje samen met een nieuw logje van HijackThis
  • oke onwijs bedankt. heb alles doorlopen, hierbij het resultaat:

    log malwarebytes:

    Malwarebytes' Anti-Malware 1.34
    Database versie: 1890
    Windows 6.0.6001 Service Pack 1

    24-3-2009 13:21:16
    mbam-log-2009-03-24 (13-21-16).txt

    Scan type: Snelle Scan
    Objecten gescand: 63712
    Verstreken tijd: 5 minute(s), 13 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 20
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)











    log hjt:


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:31:54, on 24-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\chimpie\Documents\dennis\beveiliging\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.hyves.nl
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com
    dqnbk/downloads/sysinfo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02
    esources/VistaMSNPUpldnl-nl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1228467101907&h=cf9948a44cfaf8cc3af6fac0228a6793/&filename=jinstall-6u11-windows-i586-jc.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 10537 bytes
  • Download [b:d285698950]Combofix[/color:d285698950][/b:d285698950] naar je Bureaublad en gebruik het volgens deze handleiding.
    [i:d285698950]OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:d285698950]download Combofix opnieuw[/b:d285698950].
    Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![/color:d285698950][/i:d285698950][list:d285698950][*:d285698950]Dubbelklik op [b:d285698950]Combofix.exe[/b:d285698950] om het te starten.
    [*:d285698950][i:d285698950]Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.[/i:d285698950]
    [*:d285698950]Klik op [b:d285698950]OK[/b:d285698950] in het "NirCmd" venstertje.
    [*:d285698950]Klik na afloop terug op [b:d285698950]Ja[/b:d285698950] om het scannen op malware te starten.
    [*:d285698950]Tijdens het runnen van de fix, [b:d285698950]NIET[/b:d285698950] in het venster klikken, want dit zal je pc doen vasthangen.
    [*:d285698950]Wanneer de fix voltooid is en na herstart, zal de log [b:d285698950]Combofix.txt[/b:d285698950] openen.[/list:u:d285698950]Post dit logje in je volgende antwoord
  • hierbij, ik hoop dat het goed is gegaan, hij gaf wel aan dat er nog iets aan antivirus liep maar dat kreeg ik niet uit, hij gaf wel zelf aan dat combofix door zou gaan..


    ComboFix 09-03-23.01 - chimpie 2009-03-24 22:27:31.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1013.343 [GMT 1:00]
    Gestart vanuit: c:\users\chimpie\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    AV: Norton Internet Security *On-access scanning enabled* (Updated)
    FW: Norton Internet Security *enabled*
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\x64

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-24 to 2009-03-24 ))))))))))))))))))))))))))))))
    .

    2009-03-24 11:54 . 2009-03-24 11:54 <DIR> d——– c:\users\chimpie\AppData\Roaming\Malwarebytes
    2009-03-24 11:54 . 2009-03-24 11:54 <DIR> d——– c:\users\All Users\Malwarebytes
    2009-03-24 11:54 . 2009-03-24 11:54 <DIR> d——– c:\programdata\Malwarebytes
    2009-03-24 11:54 . 2009-03-24 11:54 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-03-24 11:54 . 2009-02-11 10:19 38,496 –a—— c:\windows\System32\drivers\mbamswissarmy.sys
    2009-03-24 11:54 . 2009-02-11 10:19 15,504 –a—— c:\windows\System32\drivers\mbam.sys
    2009-03-20 09:07 . 2009-03-20 09:07 <DIR> d——– c:\windows\LastGood
    2009-03-17 09:50 . 2009-03-17 09:50 <DIR> d——– c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-17 09:50 . 2009-03-17 09:50 <DIR> d——– c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-17 09:50 . 2009-03-17 09:50 <DIR> d——– c:\program files\iTunes
    2009-03-17 09:50 . 2009-03-17 09:50 <DIR> d——– c:\program files\iPod
    2009-03-17 09:50 . 2008-04-17 12:12 107,368 –a—— c:\windows\System32\GEARAspi.dll
    2009-03-17 09:50 . 2009-01-15 12:19 23,848 –a—— c:\windows\System32\drivers\GEARAspiWDM.sys
    2009-03-17 09:48 . 2009-03-17 09:48 <DIR> d——– c:\program files\QuickTime
    2009-03-16 09:57 . 2008-06-20 02:14 622,080 –a—— c:\windows\System32\icardagt.exe
    2009-03-16 09:57 . 2008-06-20 02:14 105,016 –a—— c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-03-16 09:57 . 2008-06-20 02:14 97,800 –a—— c:\windows\System32\infocardapi.dll
    2009-03-16 09:57 . 2008-06-20 02:14 43,544 –a—— c:\windows\System32\PresentationHostProxy.dll
    2009-03-16 09:57 . 2008-06-20 02:14 37,384 –a—— c:\windows\System32\infocardcpl.cpl
    2009-03-16 09:57 . 2008-06-20 02:14 11,264 –a—— c:\windows\System32\icardres.dll
    2009-03-16 09:56 . 2008-06-20 02:14 781,344 –a—— c:\windows\System32\PresentationNative_v0300.dll
    2009-03-16 09:56 . 2008-06-20 02:14 326,160 –a—— c:\windows\System32\PresentationHost.exe
    2009-03-16 09:46 . 2008-07-27 19:03 282,112 –a—— c:\windows\System32\mscoree.dll
    2009-03-16 09:46 . 2008-07-27 19:03 158,720 –a—— c:\windows\System32\mscorier.dll
    2009-03-16 09:46 . 2008-07-27 19:03 96,760 –a—— c:\windows\System32\dfshim.dll
    2009-03-16 09:46 . 2008-07-27 19:03 83,968 –a—— c:\windows\System32\mscories.dll
    2009-03-16 09:46 . 2008-07-27 19:03 41,984 –a—— c:\windows\System32
    etfxperf.dll
    2009-03-12 09:48 . 2009-03-04 11:26 15,688 –a—— c:\windows\System32\lsdelete.exe
    2009-03-11 05:19 . 2008-12-16 04:29 8,147,456 –a—— c:\windows\System32\wmploc.DLL
    2009-03-11 05:19 . 2009-02-09 04:10 2,033,152 –a—— c:\windows\System32\win32k.sys
    2009-03-11 05:19 . 2008-11-27 05:43 268,288 –a—— c:\windows\System32\schannel.dll
    2009-03-11 05:19 . 2008-12-16 06:31 7,680 –a—— c:\windows\System32\spwmp.dll
    2009-03-11 05:19 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\msdxm.ocx
    2009-03-11 05:19 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\dxmasf.dll
    2009-03-05 23:59 . 2009-03-05 23:59 1,900,544 –a—— c:\windows\System32\usbaaplrc.dll
    2009-03-05 23:59 . 2009-03-05 23:59 36,864 –a—— c:\windows\System32\drivers\usbaapl.sys
    2009-03-04 11:26 . 2009-03-04 11:26 64,160 –a—— c:\windows\System32\drivers\Lbd.sys
    2009-03-04 10:59 . 2009-03-04 10:59 <DIR> d–h-c— c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-04 10:59 . 2009-03-04 10:59 <DIR> d–h-c— c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-04 10:37 . 2009-03-24 13:27 <DIR> d——– c:\users\chimpie\Tracing
    2009-03-04 10:36 . 2009-03-04 10:36 <DIR> d——– c:\program files\Windows Live SkyDrive
    2009-03-04 10:36 . 2009-03-04 10:36 <DIR> d——– c:\program files\Microsoft
    2009-03-04 10:35 . 2009-03-04 10:36 <DIR> d——– c:\program files\Windows Live
    2009-03-04 10:28 . 2009-03-04 10:28 <DIR> d——– c:\program files\Common Files\Windows Live

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-17 08:50 ——— d—–w c:\program files\Common Files\Apple
    2009-03-16 09:38 ——— d—–w c:\program files\Windows Mail
    2009-03-16 08:46 ——— d—–w c:\programdata\Microsoft Help
    2009-03-06 15:12 21,256 —-a-w c:\windows\Help\OEM\scripts\HPScript.exe
    2009-03-05 10:29 16,648 —-a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
    2009-03-04 09:58 ——— d—–w c:\program files\Lavasoft
    2009-02-27 18:30 ——— d—–w c:\program files\Microsoft Silverlight
    2009-02-17 17:26 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-02-17 17:25 ——— d—–w c:\program files\Hewlett-Packard
    2009-02-06 17:52 49,504 —-a-w c:\windows\System32\sirenacm.dll
    2009-02-04 09:26 325,128 —-a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-04 09:26 10,520 —-a-w c:\windows\System32\avgrsstx.dll
    2009-02-04 09:26 ——— d—–w c:\programdata\avg8
    2009-02-03 20:02 ——— d—–w c:\users\chimpie\AppData\Roaming\Hewlett-Packard
    2009-02-03 19:40 ——— d—–w c:\users\chimpie\AppData\Roaming\InstallShield
    2009-02-03 19:34 ——— d—–w c:\programdata\Hewlett-Packard
    2009-01-30 16:24 14,600 —-a-w c:\windows\Help\OEM\scripts\HC_InstallHPHC.exe
    2009-01-15 06:11 827,392 —-a-w c:\windows\System32\wininet.dll
    2008-06-20 11:20 174 –sha-w c:\program files\desktop.ini
    2007-05-28 10:46 224 —-a-w c:\users\chimpie\AppData\Roaming\wklnhst.dat
    2008-01-20 23:23 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-01-20 23:23 32,768 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-01-20 23:23 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-11-08 19:56 22 –sha-w c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "LaCie Backup"="c:\program files\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 2596864]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-04 515416]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1B8079E3-0B1E-4582-9427-3CDE175F9C3E}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
    "{D71F37DC-2720-4078-A46F-EEA2A4508A22}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
    "{20F82E45-AB04-482B-B437-D7765756BB71}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{5176FBCB-F6FA-479A-8778-11F9E6051739}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0B19A04F-9D73-44DB-A8F8-EDEFF04E6D3B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{6845A9ED-F858-4ADF-AF7F-19C4FC53FC69}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{64B474D1-E6CE-4425-81E1-192688861706}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{282DFBB6-FC37-41BF-B4F2-FED8D0A1FEAA}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{E62346CC-868E-4D2F-BD65-DEF2CBF30240}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{6E731FF4-7095-4F27-B2D5-7350FE2D0C81}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{23A65998-3A27-4217-BC03-851AF49524D5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{6EE39AA6-0788-42BF-B2FF-37256CEA6B38}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{0AA6BF01-FAAE-4CD9-94A2-164D4602CB00}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{BA606E5F-206A-4D54-837F-3679B368B9BE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{C3530A5A-EF1C-4DF8-8B80-121A5802CA05}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B90A30AF-3739-4BEC-96FB-44966B511FFA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{F0158878-8215-4FF8-AA53-B9C47491F7C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-04 64160]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-05-27 325128]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-27 298264]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96ff23d8-363a-11dd-aeac-001b2403b819}]
    \shell\AutoRun\command - G:\ImageTools.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-04 11:26]

    2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{BEC0F0A7-CC2A-4DEE-AFA2-9F2F1E9B5782}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
    HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: hyves.nl
    Trusted Zone: www.nu.nl
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-24 22:31:53
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-03-24 22:34:10
    ComboFix-quarantined-files.txt 2009-03-24 21:34:07

    Pre-Run: 61.958.479.872 bytes beschikbaar
    Post-Run: 62,140,919,808 bytes beschikbaar

    203 — E O F — 2009-03-16 09:15:56
  • het volgende heb ik overigens NIET gezien:

    Klik op OK in het "NirCmd" venstertje.
    Klik na afloop terug op Ja om het scannen op malware te starten.



    dit is niet gebeurt, hij is direct gaan scannen, er volgde een log.txt en dit heb ik gepost.

    bvd mvg Dennis!
  • Dat is geen probleem, verder zie ik niks meer in je log zijn er nog problemen?
  • op zich niet, ik weet niet of ik dat virus nog uitzend, alleem mijn email werkt op dit moment even niet ik weet neit of dit tijdelijk is en / of aan orange ligt, en de boel is er niet sneller op geworden, integendeel eigenlijk.. traag is het juiste woord terwijl ik daar eigenlijk geen last van had..

    nogmaals bedankt voor de hulp trouwens!

    Dennis!
  • Dit is mij nog niet overkomen maar de helft van mijn klas wel. 2 computers waren helemaal kapot en moesten opnieuw geinstalleerd worden. De mail wordt automatisch rondgestuurd als je dit virus hebt.
  • Download ATF cleaner (mirror)(gemaakt door Atribune)

    Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

    Dubbelklik op

    ATF cleaner om het programma te starten.
    Op het tabblad Main, plaats je een vinkje bij Select All.
    Klik op de knop Empty Selected.

    Het volgende doen als je ook FireFox als browser hebt:

    Klik op tabblad Firefox, plaats een vinkje bij Select All.
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    (dit haalt het vinkje weer weg bij Firefox saved passwords)
    Klik op de knop Empty Selected.

    Het volgende doen als je ook Opera als browser hebt:

    Klik op tabblad Opera, plaats een vinkje bij Select All.
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    Klik op de knop Empty Selected.
    Ga naar het tabblad Main en klik op de knop Exit om het programma af te sluiten.3. Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.(Denk eraan Combofix verwijderen doormiddel van start->uitvoeren [b:1818234381]ComboFix /U[/b:1818234381] typen en op enter drukken!!)


    - Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
    - Klik in de linkerhelft van het venster op "Instellingen van systeemherstel".
    - Zet een vinkje voor "Systeemherstel uitschakelen".
    - Klik "Toepassen".
    - Windows vraagt of je dat zeker weet.
    - Klik "Ja".
    - Klik "OK".
    - Start de pc opnieuw op.
    - Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
    - Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?"
    - Klik "Ja".
    - Verwijder het vinkje voor "Systeemherstel uitschakelen".
    - Klik "Toepassen".
    - Klik "OK".
    - Start de pc opnieuw op
    - Er is nu een nieuw schoon herstel punt aangemaakt


    Het lijkt me onwaarschijnlijk dat je computer trager is geworden omdat je het virus hebt verwijdert.
    Het kan verbeelding zijn, maar het kan ook zijn dat er iets was wat jouw computer heeft vertraagd ik verzeker je er in iedergeval van dat het niet door mijn instructies komt.


    Misschien dat je computer sneller gaat na deze laatste instructies.
  • beste helpers, ik heb tot op heden geen melding meer gehad van vrienden die die msn-virusjes van mij ontvingen dus ik heb goede hoop dat het over is. nogmaals hartelijk bedankt allemaal!

    groeten Dennis!
  • Graag gedaan
  • Jawel, na 2 virusvrije dagen stuur ik wederom van die msn berichtjes door, dit keer over oprah winfrey en afvallen ofzo.. En uiteraard heb ik niets geaccepteerd of aangeklikt. Heb wel enorm problemen gehad met itunes dat elke keer direct vastliep wanneer ik het opende of muziek wilde importeren. Zou er een lek in itunes kunnen zitten oid? Ik word er wel echt helemaal gek van voel me nogal lullig, iedereen krijgt die dingen van mij.. Terwijl ik door jullie er helemaal vanaf was! Hier voor de zekerheid nog maar even een HJT log:



    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:49:12, on 2-4-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\chimpie\Documents\dennis\beveiliging\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.hyves.nl
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com
    dqnbk/downloads/sysinfo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02
    esources/VistaMSNPUpldnl-nl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.233.221.236:8081/activex/AMC.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 9032 bytes
  • heb overigens inmiddels windows live verwijderd.. nieuw wachtwoord aangemaakt voor account, messenger opnieuw geinstalleerd. msn meldde zich vanzelf weer aan na afmelden, mijn accountnaam wijzigde zomaar. vandaar opnieuw geinstalleerd en nieuw ww..

    mvg dennis
  • Logje is schoon.


    Download [b:daece98ab9]Combofix[/color:daece98ab9][/b:daece98ab9] naar je Bureaublad en gebruik het volgens deze handleiding.
    [i:daece98ab9]OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:daece98ab9]download Combofix opnieuw[/b:daece98ab9].
    Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![/color:daece98ab9][/i:daece98ab9][list:daece98ab9][*:daece98ab9]Dubbelklik op [b:daece98ab9]Combofix.exe[/b:daece98ab9] om het te starten.
    [*:daece98ab9][i:daece98ab9]Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.[/i:daece98ab9]
    [*:daece98ab9]Klik op [b:daece98ab9]OK[/b:daece98ab9] in het "NirCmd" venstertje.
    [*:daece98ab9]Klik na afloop terug op [b:daece98ab9]Ja[/b:daece98ab9] om het scannen op malware te starten.
    [*:daece98ab9]Tijdens het runnen van de fix, [b:daece98ab9]NIET[/b:daece98ab9] in het venster klikken, want dit zal je pc doen vasthangen.
    [*:daece98ab9]Wanneer de fix voltooid is en na herstart, zal de log [b:daece98ab9]Combofix.txt[/b:daece98ab9] openen.[/list:u:daece98ab9]Post dit logje in je volgende antwoord

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.