
HijackThis log. What to do?

Anonymous
9 answers
  • On my daughters' computer, Windows is VERY slow. Can someone look at the HijackThis log and tell me what to do?
    N.B. I am absolutely no expert when it comes to computers.
    Thanks in advance.
    Harm Scheper


    Logfile of HijackThis v1.99.1
    Scan saved at 13:05:31, on 14-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\WINDOWS\system32\NVATray.exe
    C:\Program Files\Microsoft Works\WkDetect.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Harm\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imonline.nl/D-lys
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?4f18ffbc7984ef884d4ecc21fae8751
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?4f18ffbc7984ef884d4ecc21fae8751
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140558630156
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe










  • Not much of note to see in the log, as far as malware goes, I mean.

    Please carry out the steps below.
    Start HJT again and do a "system scan only", tick this line and click "Fix checked".

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    · Clean the Cache and Cookies in
  • Hello J.,
    I have carried out everything you wrote and am including a log from ComboFix
    and HJT. I hope you can do something with it. I can't continue right now because the girls are going to bed.
    Regards, Harm.

    Owner - 06-12-15 21:41:21,64 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Owner\Bureaublad"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-15 to 2006-12-15 ))))))))))))))))))))))))))))))))))


    2006-12-15 13:43 <DIR> dr-h—– C:\Documents and Settings\Owner\Onlangs geopend
    2006-12-15 11:57 <DIR> d——– C:\Documents and Settings\All Users\Application Data\TEMP
    2006-12-08 11:32 <DIR> d——– C:\Program Files\Windows Media Connect 2
    2006-12-08 11:29 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF
    2006-12-06 16:49 <DIR> d——– C:\WINDOWS\WBEM
    2006-12-06 16:49 <DIR> d——– C:\WINDOWS\system32\nl-nl
    2006-12-06 16:47 <DIR> d–h—– C:\WINDOWS\ie7
    2006-12-06 16:44 121,856 ——— C:\WINDOWS\system32\xmllite.dll
    2006-12-06 16:42 <DIR> d——– C:\WINDOWS\network diagnostic
    2006-12-06 11:05 816,672 –a—— C:\WINDOWS\system32\drivers\avg7core.sys
    2006-12-06 11:05 4,224 –a—— C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-12-06 11:05 3,968 –a—— C:\WINDOWS\system32\drivers\avgclean.sys
    2006-12-06 11:05 28,416 –a—— C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-12-06 11:05 18,240 –a—— C:\WINDOWS\system32\drivers\avgmfx86.sys
    2006-12-06 11:05 <DIR> d——– C:\Documents and Settings\Owner\Application Data\AVG7
    2006-12-06 11:04 <DIR> d——– C:\Program Files\Grisoft
    2006-12-06 11:04 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2006-12-05 11:03 <DIR> d——– C:\Program Files\Windows Defender
    2006-12-04 16:30 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
    2006-12-04 16:30 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
    2006-12-04 16:30 <DIR> d——– C:\Program Files\Spyware Doctor
    2006-12-04 16:30 <DIR> d——– C:\Documents and Settings\Owner\Application Data\PC Tools
    2006-12-04 16:28 78,336 –a—— C:\WINDOWS\system32\drivers\ssi.sys
    2006-12-04 16:28 102,912 –a—— C:\WINDOWS\system32\islzma.dll
    2006-12-04 16:28 <DIR> d——– C:\Program Files\Webroot
    2006-12-04 16:28 <DIR> d——– C:\Program Files\Lavasoft
    2006-12-04 16:28 <DIR> d——– C:\Documents and Settings\Owner\Application Data\Webroot
    2006-12-04 16:27 <DIR> d——– C:\Program Files\SpywareBlaster
    2006-12-04 16:18 <DIR> d——– C:\Program Files\Hitman Pro
    2006-12-04 15:38 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Avg7
    2006-12-04 13:35 <DIR> d——– C:\Documents and Settings\Owner\Application Data\Lavasoft
    2006-12-04 13:13 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
    2006-12-04 13:13 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-12-04 12:55 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
    2006-12-04 10:36 <DIR> d——– C:\WINDOWS\system32\ActiveScan
    2006-11-23 11:05 39,488 –a—— C:\WINDOWS\system32\drivers\Pcouffin.sys
    2006-11-23 11:05 <DIR> d——– C:\Program Files\CloneDVD
    2006-11-15 18:02 <DIR> d——– C:\Program Files\MSXML 4.0
    2006-11-15 18:02 <DIR> d——– C:\237ed50681ade7f7ccce2e80


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-15 21:13 376 –a—— C:\Documents and Settings\Owner\Application Data\.googlewebacchosts
    2006-12-06 19:48 82448 –a—— C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-14 09:52 1880 –a—— C:\WINDOWS\AUTOLNCH.REG
    2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 –a—— C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 –a—— C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 –a—— C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-11-02 23:35 8271872 –a—— C:\WINDOWS\system32\wmploc.dll
    2006-11-02 22:53 99840 –a—— C:\WINDOWS\system32\wmpshell.dll
    2006-11-02 22:52 257536 –a—— C:\WINDOWS\system32\wmerror.dll
    2006-11-02 22:50 7680 –a—— C:\WINDOWS\system32\asferror.dll
    2006-11-02 11:52 42496 ——— C:\WINDOWS\system32\wpdshextres.dll
    2006-10-29 15:53 63488 –a—— C:\WINDOWS\xobglu16.dll
    2006-10-29 15:53 23552 –a—— C:\WINDOWS\xobglu32.dll
    2006-10-29 15:52 ——– d——– C:\Program Files\Lasermedia
    2006-10-20 13:23 ——– d——– C:\Program Files\Avanquest update
    2006-10-20 13:17 ——– d——– C:\Program Files\Motorola Phone Tools
    2006-10-20 02:39 714752 –a—— C:\WINDOWS\system32\sxs.dll
    2006-10-18 21:58 8704 –a—— C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 21:58 8704 –a—— C:\WINDOWS\system32\uwdf.exe
    2006-10-18 21:47 991744 –a—— C:\WINDOWS\system32\drmv2clt.dll
    2006-10-18 21:47 937984 –a—— C:\WINDOWS\system32\WMNetMgr.dll
    2006-10-18 21:47 767488 ——— C:\WINDOWS\system32\WMVSENCD.dll
    2006-10-18 21:47 757248 –a—— C:\WINDOWS\system32\WMADMOD.dll
    2006-10-18 21:47 656896 ——— C:\WINDOWS\system32\WMVXENCD.dll
    2006-10-18 21:47 63488 –a—— C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 21:47 629760 –a—— C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 21:47 613376 ——— C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 21:47 603648 –a—— C:\WINDOWS\system32\WMSPDMOD.dll
    2006-10-18 21:47 542720 –a—— C:\WINDOWS\system32\blackbox.dll
    2006-10-18 21:47 535040 ——— C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 21:47 429056 –a—— C:\WINDOWS\system32\WMDRMdev.dll
    2006-10-18 21:47 414208 –a—— C:\WINDOWS\system32\msscp.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\WMVADVE.DLL
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\WMVADVD.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\MPG4DMOD.dll
    2006-10-18 21:47 4096 ——— C:\WINDOWS\system32\MP4SDMOD.dll
    2006-10-18 21:47 4096 ——— C:\WINDOWS\system32\MP43DMOD.dll
    2006-10-18 21:47 37376 –a—— C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 21:47 35840 –a—— C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 21:47 356352 –a—— C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 21:47 348672 –a—— C:\WINDOWS\system32\WMDRMNet.dll
    2006-10-18 21:47 33792 –a—— C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 21:47 321536 –a—— C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 21:47 317440 ——— C:\WINDOWS\system32\MP4SDECD.dll
    2006-10-18 21:47 314880 –a—— C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 21:47 295936 ——— C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 21:47 284160 ——— C:\WINDOWS\system32\PortableDeviceApi.dll
    2006-10-18 21:47 276992 –a—— C:\WINDOWS\system32\Audiodev.dll
    2006-10-18 21:47 27136 –a—— C:\WINDOWS\system32\MsPMSNSv.dll
    2006-10-18 21:47 2603008 ——— C:\WINDOWS\system32\WpdShext.dll
    2006-10-18 21:47 259072 ——— C:\WINDOWS\system32\MPG4DECD.dll
    2006-10-18 21:47 259072 ——— C:\WINDOWS\system32\MP43DECD.dll
    2006-10-18 21:47 2450944 –a—— C:\WINDOWS\system32\wmvcore.dll
    2006-10-18 21:47 242688 –a—— C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 21:47 229376 –a—— C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 21:47 222208 –a—— C:\WINDOWS\system32\WMASF.dll
    2006-10-18 21:47 212992 ——— C:\WINDOWS\system32\MFPLAT.dll
    2006-10-18 21:47 211456 –a—— C:\WINDOWS\system32\qasf.dll
    2006-10-18 21:47 204288 –a—— C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 21:47 199168 ——— C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    2006-10-18 21:47 179712 –a—— C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 21:47 175616 –a—— C:\WINDOWS\system32\MsPMSP.dll
    2006-10-18 21:47 166912 ——— C:\WINDOWS\system32\PortableDeviceTypes.dll
    2006-10-18 21:47 1661440 –a—— C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 21:47 1574912 ——— C:\WINDOWS\system32\WMVENCOD.dll
    2006-10-18 21:47 157184 –a—— C:\WINDOWS\system32\wmidx.dll
    2006-10-18 21:47 154624 –a—— C:\WINDOWS\system32\wpdmtp.dll
    2006-10-18 21:47 1543680 ——— C:\WINDOWS\system32\WMVDECOD.dll
    2006-10-18 21:47 1382912 ——— C:\WINDOWS\system32\WMVSDECD.dll
    2006-10-18 21:47 133632 ——— C:\WINDOWS\system32\WPDShServiceObj.dll
    2006-10-18 21:47 1329152 –a—— C:\WINDOWS\system32\WMSPDMOE.dll
    2006-10-18 21:47 132096 ——— C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    2006-10-18 21:47 130048 ——— C:\WINDOWS\system32\wmpps.dll
    2006-10-18 21:47 11264 –a—— C:\WINDOWS\system32\LAPRXY.dll
    2006-10-18 21:47 1117696 –a—— C:\WINDOWS\system32\WMADMOE.dll
    2006-10-18 21:47 101888 ——— C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    2006-10-18 20:03 100864 –a—— C:\WINDOWS\system32\logagent.exe
    2006-10-18 20:00 38528 –a—— C:\WINDOWS\system32\drivers\wpdusb.sys
    2006-10-18 20:00 249856 ——— C:\WINDOWS\system32\drmupgds.exe
    2006-10-18 20:00 17408 ——— C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-10-17 12:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 –a—— C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 –a—— C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 ——— C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 ——— C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 ——— C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 ——— C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 13:41 144384 –a—— C:\WINDOWS\system32\nwprovau.dll
    2006-10-02 15:28 312128 ——— C:\WINDOWS\system32\msdelta.dll
    2006-09-28 20:13 95344 ——— C:\WINDOWS\system32\WUDFCoinstaller.dll
    2006-09-28 18:56 55808 ——— C:\WINDOWS\system32\WudfSvc.dll
    2006-09-28 18:56 316416 ——— C:\WINDOWS\system32\WUDFx.dll
    2006-09-28 18:56 165376 ——— C:\WINDOWS\system32\WudfPlatform.dll
    2006-09-28 18:56 146432 ——— C:\WINDOWS\system32\WudfHost.exe
    2006-09-25 17:58 23856 –a—— C:\WINDOWS\system32\spupdsvc.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
    "nwiz"="nwiz.exe /install"
    "NVIDIA nForce APU1 Utilities"="NVATray.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
    "Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
    "CloneCDTray"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
    "CloneCDElbyCDFL"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
    "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000004

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Spyware Doctor"=""
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Spyware Doctor"=""
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-12-15 21:42:28.37
    C:\ComboFix.txt … 06-12-15 21:42





    Logfile of HijackThis v1.99.1
    Scan saved at 22:02:45, on 15-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\system32\NVATray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Microsoft Works\WkDetect.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearchIndexer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\Web Accelerator\googlewebaccwarden.exe
    C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imonline.nl/D-lys
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?4f18ffbc7984ef884d4ecc21fae8751
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?4f18ffbc7984ef884d4ecc21fae8751
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140558630156
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    Good luck, and thanks so far.

  • Hello,

    Nothing ventured, nothing gained?

    Please uninstall Hitmanpro with all its components.

    Please try to carry out the steps below.
    Download to your Desktop:
    - Double-click drweb-cureit.exe. Click Update.
    - After the update, a new icon, "CureIt.exe", appears on your desktop. Double-click it, click Scan, and allow it to start the express scan.
    - This will scan the files currently loaded in memory, and when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
    - Once the short scan has finished, you can select the drives you want to scan.
    - Select all drives here. A red dot will then appear on the drives you are having scanned.
    - Then click the green arrow on the right to start the scan.
    - Click Yes to all when asked whether to cure or move.
    - When the scan has finished, check whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    - If so, click it, then click the icon just below it and select Move incurable, as you can see here:
      http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
      This moves the files found to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
    - After the scan is done, in the menu at the top, click File and choose Save report List. Save it to your Desktop.
    - Then close Dr.Web Cureit.
    - Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
    - After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Ignore pop-ups about Buy or a 50% discount.

    Also post a new HJT log.

    J
  • Hello J,

    I have carried out the actions you asked for. The steps with the DrWeb icons did not succeed; I couldn't get the icons to work.
    Here are the DrWeb and HJT logs.



    DrWeb log:

    ysb_prompt.Vhtm C:\Program Files\Harm\Serial for CloneCD_bestanden Trojan.Isbar.83 Deleted.


    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:59:34, on 19-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\WINDOWS\system32\NVATray.exe
    C:\Program Files\Microsoft Works\WkDetect.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearchIndexer.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearchFilter.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Tijdelijke map 5 voor hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imonline.nl/D-lysclub
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?4f18ffbc7984ef884d4ecc21fae8751
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?4f18ffbc7984ef884d4ecc21fae8751
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140558630156
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    Hopefully this is of some use to you,
    regards,
    Harm

  • Hi J.,

    I found a complete DrWeb log in Notepad. It really belongs with the previous message.
    Regards,
    Harm


    =============================================================================
    Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
    Copyright © Igor Daniloff, 1992-2006
    Log generated on: 2006-12-18, 19:04:08 [KINDEREN][Owner]
    Command-line: "C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
    Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
    =============================================================================
    Engine version: 4.33 (4.33.5.10110)
    Engine API version: 2.01
    Total virus records: 162403
    Key file: C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\cureit.key
    License key number: 0000000010
    Registered to: Dr.Web CureIt Project
    License key activates: 2005-03-05
    License key expires: 2007-03-05

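    -----------------------------------------------------------------------------
    Scan statistics
    -----------------------------------------------------------------------------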
    Objects scanned: 0
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 0 Kb/s
    Scan time: 00:00:00
    -----------------------------------------------------------------------------

    [Scan path] c:\documents and settings\all users\menu start\programma's\opstarten\desktop.ini
    [Scan path] c:\documents and settings\all users\menu start\programma's\opstarten\herinneringen van microsoft works agenda.lnk
    [Scan path] c:\documents and settings\all users\menu start\programma's\opstarten\microsoft works calendar reminders.lnk
    [Scan path] c:\documents and settings\owner\bureaublad\cureit.exe
    [Scan path] c:\documents and settings\owner\local settings\temp\rarsfx0\_start.exe
    [Scan path] c:\documents and settings\owner\local settings\temp\rarsfx0\cureit.exe
    [Scan path] c:\documents and settings\owner\menu start\programma's\opstarten\desktop.ini
    [Scan path] c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
    [Scan path] c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    [Scan path] c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
    [Scan path] c:\program files\common files\microsoft shared\dw\dwtrig20.exe
    —————————————————————————–
    Scan statistics
    —————————————————————————–
    Objects scanned: 352
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 3353 Kb/s
    Scan time: 00:00:34
    —————————————————————————–

    [Scan path] D:\
    [Scan path] C:\
    C:\hiberfil.sys - read error
    C:\WINDOWS\system32\config\system.LOG - read error
    C:\WINDOWS\system32\config\software.LOG - read error
    C:\WINDOWS\system32\config\default.LOG - read error
    C:\WINDOWS\system32\config\SAM.LOG - read error
    C:\WINDOWS\system32\config\SECURITY.LOG - read error
    C:\WINDOWS\system32\config\DEFAULT - read error
    C:\WINDOWS\system32\config\SECURITY - read error
    C:\WINDOWS\system32\config\SOFTWARE - read error
    C:\WINDOWS\system32\config\SYSTEM - read error
    C:\WINDOWS\system32\config\SAM - read error
    C:\WINDOWS\SoftwareDistribution\EventCache\{9185C~1.BIN - read error
    C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
    C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
    C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
    C:\Documents and Settings\LocalService\NTUSER.DAT - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
    C:\Documents and Settings\Owner\ntuser.dat - read error
    C:\Documents and Settings\Owner\NTUSER~1.LOG - read error
    C:\Documents and Settings\Owner\Local Settings\Temp\GOOGLE~1.PAC - read error
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0DB00~1 - read error
    C:\Program Files\Harm\Serial for CloneCD_bestanden\ysb_prompt.Vhtm infected with Trojan.Isbar.83 - deleted

    —————————————————————————–
    Scan statistics
    —————————————————————————–
    Objects scanned: 149572
    Infected objects found: 1
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 1
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 649 Kb/s
    Scan time: 01:14:02
    —————————————————————————–

    =============================================================================
    Total session statistics
    =============================================================================
    Objects scanned: 149924
    Infected objects found: 1
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 1
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 669 Kb/s
    Scan time: 01:14:36
    =============================================================================

  • A bit more cleaning up to do.

    Download ATF cleaner (by Atribune)

    Double-click ATF cleaner to start the program.
    On the "Main" tab, tick "Select All".
    Click the "Empty Selected" button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and tick "Select All".
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick next to "Firefox saved passwords")
    Click the "Empty Selected" button.

    If you also use Opera as a browser:
    Click the "Opera" tab and tick "Select All".
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the "Empty Selected" button.
    Go to the "Main" tab and click the "Exit" button to close the program.

    How is the slowness now?
    J
  • Hello J,

    I have done everything you suggested and the slowness has improved a little, but I have the impression that a lot is going on in the background that is not making the system any faster. I defragmented the system twice and it looks better now (more contiguous files).
    What strikes me is that opening a program takes a long time. When I start an application from "Start", it takes about 20-30 seconds before the application is finally open.
    I have also created an account with limited rights for the girls so that they can no longer install all kinds of junk. Maybe I should thoroughly revise the startup menu of programs that are active in the background (I don't know how, but I hope to find that out via another forum). Do you perhaps have any more tips?
    What I do know now is that there is no more junk on the PC and the CPU usage at idle is 0 to 2%.

    In any case, many thanks for everything.

    Kind regards,

    Harm.
  • Well Harm, the CPU is fine again at any rate.
    To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning System Restore off.


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick the box for "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick for "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

    Here are some more tips.

This is an archived page. Replying is no longer possible.