Help! I think I have a worm + HijackThis log

Anonymous
dewit
52 replies
 • Hello everyone,
  I'm afraid I've been infected by a worm or something similar.
  I think my e-mail program has sent an enormous number of e-mails,
  which my virus scanner (fortunately) does not deliver because they are infected.

  I have run the virus scanner, Ad-Aware, Spybot and CCleaner, but the problem remains.

  Do you have a solution, please?
  Below is our HijackThis log.

  Thanks very much in advance.

  Logfile of HijackThis v1.99.1
  Scan saved at 13:02:11, on 16-12-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\Mixer.exe
  C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  C:\Documents and Settings\De Wit\Mijn documenten\Picasa2\PicasaMediaDetector.exe
  D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
  C:\PROGRA~1\Webshots\webshots.scr
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {F1F27AA3-0D74-96BB-5849-4BA67145ECAF} - ATLIEHELPER.dll (file missing)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
  O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  O4 - HKLM\..\Run: [Picasa Media Detector] C:\Documents and Settings\De Wit\Mijn documenten\Picasa2\PicasaMediaDetector.exe
  O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
  O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [dmkut.exe] C:\WINDOWS\system32\dmkut.exe
  O4 - HKLM\..\Run: [ssweeper] atl_helper.exe
  O4 - HKLM\..\Run: [StartCpl] ActionScr.exe
  O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
  O4 - HKCU\..\Run: [bnui] WinInitDll.exe
  O4 - HKCU\..\Run: [InpriseMon] forces_elite.exe
  O4 - HKCU\..\Run: [KeywordFinder] MsNetHelper.exe
  O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
  O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
  O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD7A27C-BC61-45F4-AA71-DDE9A00AA13A}: NameServer = 85.255.115.109,85.255.112.129
  O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9439C6-2E22-40B9-9264-51FAC682EC1B}: NameServer = 85.255.115.109,85.255.112.129
  O17 - HKLM\System\CCS\Services\Tcpip\..\{EB6F838D-3B58-4851-A720-E98DE56F6312}: NameServer = 85.255.115.109,85.255.112.129
  O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 • Checked in safe mode:

  2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\W?nSxS\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
  Folder: Winsxs, read-only and otherwise empty.

  2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\?ppPatch\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
  Folder: appPatch. Read-only folder. It contains winword.exe as a hidden file. The file is 392 kb.

  2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\??curity\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
  Folder: security. Read-only folder and empty.
 • Print out these instructions, because during this fix you will need to restart the computer.
  Download FixWareout from one of these locations:
  http://downloads.subratam.org/Fixwareout.exe
  http://swandog46.geekstogo.com/Fixwareout.exe
  Place it on the desktop and run it.
  Click "Next", then "Install".
  Make sure "Run Fixit" is checked and then click "Finish".
  Follow the on-screen instructions.
  If you are asked to restart the computer, do so.
  It will take somewhat longer for the computer to start up fully again. This is normal.
  When the computer restarts, follow the on-screen instructions.
  When HijackThis opens, click "Scan" and then check the following entries to fix:
  R3 - URLSearchHook: (no name) - {F1F27AA3-0D74-96BB-5849-4BA67145ECAF} - ATLIEHELPER.dll (file missing)
  O4 - HKLM\..\Run: [dmkut.exe] C:\WINDOWS\system32\dmkut.exe
  O4 - HKLM\..\Run: [ssweeper] atl_helper.exe
  O4 - HKLM\..\Run: [StartCpl] ActionScr.exe
  O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
  O4 - HKCU\..\Run: [bnui] WinInitDll.exe
  O4 - HKCU\..\Run: [InpriseMon] forces_elite.exe
  O4 - HKCU\..\Run: [KeywordFinder] MsNetHelper.exe
  O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD7A27C-BC61-45F4-AA71-DDE9A00AA13A}: NameServer = 85.255.115.109,85.255.112.129
  O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9439C6-2E22-40B9-9264-51FAC682EC1B}: NameServer = 85.255.115.109,85.255.112.129
  O17 - HKLM\System\CCS\Services\Tcpip\..\{EB6F838D-3B58-4851-A720-E98DE56F6312}: NameServer = 85.255.115.109,85.255.112.129
  O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
  Then click "Fix Checked".
  Close HijackThis and click the "Proceed" button.

  Go to the Control Panel and click "Network Connections". Right-click your default connection and choose "Properties".
  Click the "General" tab and double-click "Internet Protocol (TCP/IP)". Select "Obtain DNS server address automatically".

  Restart the computer.

  Find the file c\fixwareout\report.txt and post the contents of this file.
  Create a new HijackThis log and post it.
 • The contents of c\fixwareout\report.txt

  Fixwareout ver 1.003
  Last edited 12/5/2005
  Post this report in the forums please

  Reg Entries that were deleted
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

  PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

  »»»»» Search by size and names…

  »»»»» Misc files

  »»»»» Checking for older varients covered by the Rem3 tool


  The new HijackThis log

  Logfile of HijackThis v1.99.1
  Scan saved at 17:49:54, on 16-12-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\Mixer.exe
  C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
  C:\PROGRA~1\Webshots\webshots.scr
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\hijackthis\HijackThis.exe

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
  O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
  O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
  O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
  O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


  We could not find 04 - HKLM\..\Run: [UnSpyPC] "C:\program Files \ UnspyPC\UnspyPC.exe" when removing.
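The before/after check that is done by eye on the two logs above can be scripted. This is an added example, not part of the original posts: the function names are hypothetical, and the three samples are short excerpts copied from the thread's first log, the helper's fix list and the second log.

```python
import re

# HijackThis entry lines start with a section code such as R3, O4 or O17,
# then " - ", then the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$", re.IGNORECASE)

# Excerpt of the first log in the thread (not the full log).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
R3 - URLSearchHook: (no name) - {F1F27AA3-0D74-96BB-5849-4BA67145ECAF} - ATLIEHELPER.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmkut.exe] C:\WINDOWS\system32\dmkut.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD7A27C-BC61-45F4-AA71-DDE9A00AA13A}: NameServer = 85.255.115.109,85.255.112.129
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Excerpt of the entries the helper asked to tick before "Fix Checked".
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {F1F27AA3-0D74-96BB-5849-4BA67145ECAF} - ATLIEHELPER.dll (file missing)
O4 - HKLM\..\Run: [dmkut.exe] C:\WINDOWS\system32\dmkut.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD7A27C-BC61-45F4-AA71-DDE9A00AA13A}: NameServer = 85.255.115.109,85.255.112.129
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
"""

# Excerpt of the second log, taken after the fix and reboot.
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""


def parse_entries(log_text):
    """Map a normalised (section, detail) key to the entry as written."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line or running-process path
        section, detail = m.group(1), m.group(2)
        # Collapse whitespace and case so hand-copied lists still match.
        key = (section, " ".join(detail.split()).casefold())
        entries[key] = f"{section} - {detail}"
    return entries


def compare_logs(before_log, after_log, fix_list):
    """Check a fix list against the logs taken before and after the fix."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    selected = parse_entries(fix_list)
    b, a, s = set(before), set(after), set(selected)
    return {
        # Selected entries that were present and are now gone.
        "removed": sorted(before[k] for k in (s & b) - a),
        # Selected entries that survived the fix and need another look.
        "still_present": sorted(after[k] for k in s & a),
        # Fix-list lines that never matched the first log (typo, wrong hive).
        "not_in_before": sorted(selected[k] for k in s - b),
        # Entries that disappeared although nobody selected them.
        "removed_unselected": sorted(before[k] for k in (b - a) - s),
        # Entries that appeared between the two scans.
        "new": sorted(after[k] for k in a - b),
    }


def static_nameservers(log_text):
    """Return the DNS servers hard-coded in O17 entries of a log."""
    servers = set()
    for (section, _), text in parse_entries(log_text).items():
        m = NAMESERVER_RE.search(text) if section == "O17" else None
        if m:
            servers.update(p for p in re.split(r"[,\s]+", m.group(1)) if p)
    return sorted(servers)


if __name__ == "__main__":
    for label, lines in compare_logs(BEFORE, AFTER, FIX_LIST).items():
        print(f"{label}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
    print("static DNS before:", static_nameservers(BEFORE))
    print("static DNS after: ", static_nameservers(AFTER))
```

The `removed_unselected` bucket is the one worth reading: it lists entries that vanished between scans without being on the fix list, which the comparison by eye can easily miss.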
 • Looks OK to me.
  Are there still any problems?
 • :S it looks like e-mails are still being sent.
  Then the worm must still be in there :(
  We had read that a new variant of that bagel worm is going around, but we can't yet find any programs or the like that remove the worm.

  In the meantime we also scanned with Panda online, but no result yet…
 • I thought it was gone.
  Can you post a HijackThis log?
 • Logfile of HijackThis v1.99.1
  Scan saved at 19:31:35, on 16-12-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\Mixer.exe
  C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
  C:\PROGRA~1\Webshots\webshots.scr
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
  C:\hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
  O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
  O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
  O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
  O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 • The log looks OK to me. Is the problem still there?
 • Yes, unfortunately…
  This AVG message appears. Later it then also shows addresses that mail is apparently being sent to.

  http://zfc-zaandijk.nl/melding.JPG
 • On your desktop, create a new folder. Name it sysclean.
  Go to http://www.trendmicro.com/download/dcs.asp and download the "sysclean package".
  Place it in the sysclean folder on your desktop.
  Go to http://www.trendmicro.com/download/pattern.asp and download the "Virus Pattern File (Official Pattern Release)" to your desktop.
  This file is called lptXXX.zip, where XXX stands for the version.
  Unzip lptXXX.zip and you get a file called lpt$vpn.XXX.
  Move lpt$vpn.XXX to the sysclean folder on your desktop.
  Start the computer in safe mode (without networking).
  Open the sysclean folder on your desktop and double-click sysclean.com.
  Check the box next to "Automatically clean or delete detected files".
  Click "Scan".
  When the scan is finished, a log is created in the sysclean folder.
  Start the computer in normal mode and post this log.
  Create a new HijackThis log and post it.
  Let us know what the situation is.
 • The log:


  /————————————————————–\
  | Trend Micro Sysclean Package |
  | Copyright 2002, Trend Micro, Inc. |
  | http://www.trendmicro.com |
  \————————————————————–/


  2005-12-17, 12:35:05, Auto-clean mode specified.
  2005-12-17, 12:35:05, Running scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\TSC.BIN"…
  2005-12-17, 12:38:09, Scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\TSC.BIN" has finished running.
  2005-12-17, 12:38:09, TSC Log:

  Damage Cleanup Engine (DCE) 3.9(Build 1020)
  Windows XP(Build 2600: Service Pack 2)

  Start time : za dec 17 2005 12:35:05

  Load Damage Cleanup Template (DCT) "C:\Documents and Settings\De Wit\Bureaublad\sysclean\tsc.ptn" (version 688) [success]

  Complete time : za dec 17 2005 12:38:09
  Execute pattern count(4590), Virus found count(0), Virus clean count(0), Clean failed count(0)

  2005-12-17, 13:29:12, An error occurred while scanning file "C:\Documents and Settings\De Wit\NTUSER.DAT": Toegang geweigerd.
  2005-12-17, 13:29:12, An error occurred while scanning file "C:\Documents and Settings\De Wit\ntuser.dat.LOG": Toegang geweigerd.
  2005-12-17, 14:13:32, An error occurred while scanning file "C:\Documents and Settings\De Wit\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Toegang geweigerd.
  2005-12-17, 14:13:32, An error occurred while scanning file "C:\Documents and Settings\De Wit\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Toegang geweigerd.
  2005-12-17, 15:04:02, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Toegang geweigerd.
  2005-12-17, 15:04:02, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Toegang geweigerd.
  2005-12-17, 15:04:02, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Toegang geweigerd.
  2005-12-17, 15:04:02, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Toegang geweigerd.
  2005-12-17, 16:29:09, Could not set file for reading on "C:\Program Files\Webroot\Spy Sweeper\Quarantine\cx3sa[1].ssq": Toegang geweigerd.
  2005-12-17, 16:31:09, An error was detected on "C:\System Volume Information\*.*": Toegang geweigerd.
  2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-20C463C1.pf": Toegang geweigerd.
  2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-0B387BE8.pf": Toegang geweigerd.
  2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\AGE3.EXE-203E5D99.pf": Toegang geweigerd.
  2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\AGE3.EXE-2AF981FD.pf": Toegang geweigerd.
  2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTOPATCHER.EXE-29F33733.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTORUN.EXE-08A9DED1.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGEMC.EXE-361B4758.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-00A2F684.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\BEARSHARE.EXE-35739D34.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CCLEANER.EXE-09CFC2BC.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CHKTRUST.EXE-08E53633.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANMGR.EXE-1F86EA8E.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CWSHREDDER.EXE-2A5C78F3.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DCSETUP.EXE-055EF2F9.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DW15.EXE-14986EB8.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DXDIAG.EXE-220E128D.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\EBU3.EXE-3272066A.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\EXCEL.EXE-1C75F8D6.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\FLMODMANAGER.EXE-175C1199.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\FREELANCER.EXE-33C1BB1C.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\GOOGLEEARTH.EXE-038E3B0E.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\GOOGLEEARTHSETUP.EXE-2341BB29.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\HITMANPRO2.EXE-002E39B0.pf": Toegang geweigerd.
  2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\IDRIVER.EXE-078074A8.pf": Toegang geweigerd.
  2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\W?nSxS\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
  2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\?ppPatch\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
  2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\??curity\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
  2005-12-17, 16:45:25, Running scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN"…
  2005-12-17, 18:12:39, Files Detected:
  Copyright © 1990 - 2004 Trend Micro Inc.
  Report Date : 12/17/2005 16:45:26
  VSAPI Engine Version : 7.510-1002
  VSCANTM Version : 1.1-1001
  Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
  Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

  179027 files have been read.
  179027 files have been checked.
  164284 files have been scanned.
  310057 files have been scanned. (including files in archived)
  0 files containing viruses.
  Found 0 viruses totally.
  Maybe 0 viruses totally.
  Stop At : 12/17/2005 18:12:39
  ———*———*———*———*———*———*———*———*
  2005-12-17, 18:12:39, Files Clean:
  Copyright © 1990 - 2004 Trend Micro Inc.
  Report Date : 12/17/2005 16:45:25
  VSAPI Engine Version : 7.510-1002
  VSCANTM Version : 1.1-1001
  Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
  Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

  179027 files have been read.
  179027 files have been checked.
  164284 files have been scanned.
  310057 files have been scanned. (including files in archived)
  0 files containing viruses.
  Found 0 viruses totally.
  Maybe 0 viruses totally.
  Stop At : 12/17/2005 18:12:39 1 hour 27 minutes 8 seconds (5227.89 seconds) has elapsed.

  ———*———*———*———*———*———*———*———*
  2005-12-17, 18:12:39, Clean Fail:
  Copyright © 1990 - 2004 Trend Micro Inc.
  Report Date : 12/17/2005 16:45:25
  VSAPI Engine Version : 7.510-1002
  VSCANTM Version : 1.1-1001
  Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
  Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

  179027 files have been read.
  179027 files have been checked.
  164284 files have been scanned.
  310057 files have been scanned. (including files in archived)
  0 files containing viruses.
  Found 0 viruses totally.
  Maybe 0 viruses totally.
  Stop At : 12/17/2005 18:12:39 1 hour 27 minutes 8 seconds (5227.89 seconds) has elapsed.

  ———*———*———*———*———*———*———*———*
  2005-12-17, 18:12:39, Scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN" has finished running.
  2005-12-17, 19:57:32, An error was detected on "D:\System Volume Information\*.*": Toegang geweigerd.
  2005-12-17, 19:58:30, Running scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN"…
  2005-12-17, 20:23:51, Files Detected:
  Copyright © 1990 - 2004 Trend Micro Inc.
  Report Date : 12/17/2005 19:58:30
  VSAPI Engine Version : 7.510-1002
  VSCANTM Version : 1.1-1001
  Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
  Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

  57025 files have been read.
  57025 files have been checked.
  49788 files have been scanned.
  56775 files have been scanned. (including files in archived)
  0 files containing viruses.
  Found 0 viruses totally.
  Maybe 0 viruses totally.
  Stop At : 12/17/2005 20:23:51
  ———*———*———*———*———*———*———*———*
  2005-12-17, 20:23:51, Files Clean:
  Copyright © 1990 - 2004 Trend Micro Inc.
  Report Date : 12/17/2005 19:58:30
  VSAPI Engine Version : 7.510-1002
  VSCANTM Version : 1.1-1001
  Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
  Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

  57025 files have been read.
  57025 files have been checked.
  49788 files have been scanned.
  56775 files have been scanned. (including files in archived)
  0 files containing viruses.
  Found 0 viruses totally.
  Maybe 0 viruses totally.
  Stop At : 12/17/2005 20:23:51 25 minutes 15 seconds (1515.09 seconds) has elapsed.

  ———*———*———*———*———*———*———*———*
  2005-12-17, 20:23:51, Clean Fail:
  Copyright © 1990 - 2004 Trend Micro Inc.
  Report Date : 12/17/2005 19:58:30
  VSAPI Engine Version : 7.510-1002
  VSCANTM Version : 1.1-1001
  Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
  Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

  57025 files have been read.
  57025 files have been checked.
  49788 files have been scanned.
  56775 files have been scanned. (including files in archived)
  0 files containing viruses.
  Found 0 viruses totally.
  Maybe 0 viruses totally.
  Stop At : 12/17/2005 20:23:51 25 minutes 15 seconds (1515.09 seconds) has elapsed.

  ———*———*———*———*———*———*———*———*
  2005-12-17, 20:23:51, Scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN" has finished running.

  and the problem has still not been resolved

  unfortunately :cry:
 • This is what worries me:
  2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\W?nSxS\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
  2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\?ppPatch\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
  2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\??curity\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.

  See whether you can find these folders. The question marks will appear as a letter of our alphabet (this is only appearance).
  The culprit is probably hidden in there.
  Let me know what those folders are called and which files you find in them.
  You may have to try this in safe mode.
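
The check suggested in the reply above, as an added example that is not part of the original thread: it reads the three quoted log lines, finds path components where `?` hides a character, and matches them against known folder names. The names `KNOWN_FOLDERS`, `masked_lookalikes`, `disguised_as` and `describe_non_ascii` are hypothetical, the sample folder name with a Cyrillic letter is constructed, and it is an assumption that each `?` stands for exactly one character the scanner could not display.

```python
import re
import unicodedata

# Assumed baseline: the legitimate folder names the masked paths resemble.
KNOWN_FOLDERS = ["WinSxS", "AppPatch", "security"]

# The three log lines quoted in the thread.
LOG_LINES = [
    r'2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\W?nSxS\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.',
    r'2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\?ppPatch\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.',
    r'2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\??curity\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.',
]

ERROR_RE = re.compile(r'An error was detected on "(?P<path>[^"]+)"')


def _matches(masked, name):
    """True if `name` equals `masked` when every '?' may be any one character."""
    pattern = "".join("." if ch == "?" else re.escape(ch) for ch in masked)
    return re.fullmatch(pattern, name, re.IGNORECASE | re.DOTALL) is not None


def masked_lookalikes(line, known=KNOWN_FOLDERS):
    """Return (masked component, known name) pairs found in one log line."""
    m = ERROR_RE.search(line)
    if not m:
        return []
    hits = []
    for part in m.group("path").split("\\"):
        if "?" not in part or "*" in part:   # skip the trailing *.* wildcard
            continue
        hits.extend((part, name) for name in known if _matches(part, name))
    return hits


def disguised_as(dirname, known=KNOWN_FOLDERS):
    """For a real directory name: if it contains non-ASCII characters and
    otherwise spells a known folder name, return that known name."""
    masked = "".join(ch if ord(ch) < 128 else "?" for ch in dirname)
    if masked == dirname:                    # pure ASCII, nothing hidden
        return None
    for name in known:
        if _matches(masked, name):
            return name
    return None


def describe_non_ascii(dirname):
    """List the code point and Unicode name of each non-ASCII character."""
    return [("U+%04X" % ord(ch), unicodedata.name(ch, "UNKNOWN"))
            for ch in dirname if ord(ch) >= 128]


if __name__ == "__main__":
    for line in LOG_LINES:
        for masked, name in masked_lookalikes(line):
            print(f"{masked!r} in the log resembles the known folder {name!r}")
    sample = "W\u0456nSxS"                   # constructed lookalike name
    print(disguised_as(sample), describe_non_ascii(sample))
```

To run `disguised_as` over a live system, feed it the names returned by `os.listdir()` for the directory being checked.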
 • I can't place these folders in the system32 folder (I can in the Windows folder).
  Could you try something?
  Open the system32 folder, right-click and choose New - New folder.
  Name this folder Security.
  Try this for Winsxs and for AppPatch as well.

  Let me know whether this works without any message that the folder already exists.
 • The folders can be created without any problems.
 • I thought that would work.

  Try to delete those other folders. Do this in safe mode.
  Let me know whether it works.
  If you can't delete those folders, rename them instead.
  See whether this solves your problem.
 • All 3 folders have been deleted.

  Unfortunately the problem remains :cry:
 • Please make a HijackThis log and post it.
 • The new log:

  Logfile of HijackThis v1.99.1
  Scan saved at 18:43:10, on 18-12-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\WINDOWS\Mixer.exe
  C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
  C:\PROGRA~1\Webshots\webshots.scr
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
  O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
  O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
  O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
  O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
  O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4650/mcfscan.cab
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

  Kaspersky found 1 virus:
  Trojan.win32.qhost.el

  It looks like the problem has been resolved :)
 • The log looks good.
  Was Kaspersky able to remove the trojan?

This is an archived page. Replying is no longer possible.