Questions & Answers

Security & privacy

Removing a number of persistent *.exe programs

Anonymous
18 replies
 • Hello,

  I have a number of *.exe programs on my computer that I have so far not been able to remove in a normal way. I have removed these programs from the computer, except CTFMON.EXE, which is a system/Windows program, and they keep coming back as startup programs every time.

  These are the entries in question:

  O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
  O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
  O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray

  Furthermore, according to AVG-AntiSpyware I am affected by the following spyware: Adware.Screensavers

  Apart from that, I believe my computer is perfectly clean of viruses, spyware and other junk. Who would be willing to help me with this problem?

  HijackThis log attached:
  Logfile of HijackThis v1.99.1
  Scan saved at 1:49:32, on 26-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\Comodo\Firewall\cmdagent.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Prevx1\PXAgent.exe
  C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\SiteAdvisor\6066\SAService.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
  R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - Default URLSearchHook is missing
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
  O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O2 - BHO: (no name) - {7C0D0F1A-AA1F-4F43-94EC-3F88651C8C7F}} - (no file)
  O2 - BHO: (no name) - {7C0D0F1A-AA1F-4F43-94EC-3F88651C8C7F} - (no file)
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
  O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
  O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray
  O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
  O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
  O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
  O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
  O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
  O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
 • Hi

  First try installing the free and very helpful little program "Unlocker".

  Unlocker:
  http://www.computertotaal.nl/web/show/id=815087/contentid=66600

  I even have it start up along with the system.
  As soon as you remove a program that reports "program cannot…", it comes to the rescue and shuts down the running programs.

  Also check whether they are activated anywhere under Services.

  Start > Run > services.msc, then right-click the program in question, if any.
  > Properties > and set it to Disabled
  Then try to remove it.

  Run the free program A-squared and/or Spybot and, if necessary, remove in Safe Mode (boot with F8)

 • Tried all sorts of things; under Services they are not activated. These programs had already been removed, so Unlocker does not work this way either (it is installed, though).

  The problem is that, according to CCleaner, the startup software is missing. For securing and maintaining my computer (Windows XP Pro SP2) I currently have the following programs: Ad-Aware SE, a-squared Security Center, ATF-Cleaner, Autoruns, AVG ARK, AVG ASW, CCleaner, COMODO Firewall Pro, Dr.Web-cureit, EasyCleaner, HijackThis, Hitman Pro (CWShredder, ewido_micro, Spybot S&D, Spyware Blaster), NOD32, Prevx1, Registry Mechanic, Windows Defender and WinPatrol.

  Even in safe mode there is no way to remove them (briefly, yes, but afterwards they are back again). I tried to remove it all manually via Regedit, but no luck. Incidentally, what a lot of junk stays behind in the registry, despite the registry cleaners.

  Do you have any other options for this problem?
 • Search with Google: remove on reboot
 • Still no result. To be clear: these programs have been removed from my computer and are no longer on it, only they keep coming back as auto startup programs.

  A small part of an HJT log:

  [b]Autorun entries from Registry:[/b]

  [b]HKLM\Software\Microsoft\Windows\CurrentVersion\Run[/b]

  WinPatrol = C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
  Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  nod32kui = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 • Hi

  What a series of security programs you have there.
  So many.
  It looks to me like you would be better off doing a reinstall after all.
  Or perhaps a system restore first.

  [quote]
  Incidentally, what a lot of junk stays behind in the registry, despite the registry cleaners. [/quote]

  After having tested many little programs, "Regseeker" seems to me (for quite some time now)
  very reliable, without ever having registered a single error.

  http://www.hoverdesk.net/freeware.htm

 • Doggy,


  First disable Ad-Watch, otherwise all registry changes will be rolled back again.

  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:
  [b]
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R3 - Default URLSearchHook is missing
  O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
  O2 - BHO: (no name) - {7C0D0F1A-AA1F-4F43-94EC-3F88651C8C7F}} - (no file)
  O2 - BHO: (no name) - {7C0D0F1A-AA1F-4F43-94EC-3F88651C8C7F} - (no file)
  [/b]
  Close all windows except HijackThis
  Click 'Fix checked' to remove the items.

  Reboot and please post a new HJT log.
 • Hello Juisterr,

  I have carried out your advice; a new HJT log is posted below.

  Question: does Ad-Watch really restore all registry changes, or only some of them? After all, after cleaning the registry once with 3 or 4 different programs, my computer becomes a good deal faster, without problems (except for those so-called startup programs).

  HJT log:

  Logfile of HijackThis v1.99.1
  Scan saved at 20:53:17, on 28-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\Comodo\Firewall\cmdagent.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Prevx1\PXAgent.exe
  C:\Program Files\SiteAdvisor\6066\SAService.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
  R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
  O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
  O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
  O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
  O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

  Antigua, thanks for your advice, but your advice seems to me (for now) not sufficient, more of a last resort. Thanks in any case.
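
Added example (not part of any post in this thread): a small Python parser that compares the O4 autorun entries of two HijackThis logs and lists orphaned entries marked "(no file)" or "(file missing)", which is the check the helpers do by eye here. The log excerpts are copied from the 26-5-2007 and 28-5-2007 logs above; the function names are my own.

```python
import re

# Excerpt of the log saved on 26-5-2007 (copied from this thread).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# Excerpt of the log saved on 28-5-2007, after the first 'Fix checked' round.
LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# A result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Body of an O4 registry autorun: hive\..\key: [value name] command line
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return (section, body) for every result line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def autoruns(entries):
    """Map (hive, key, value name) -> command line for O4 registry autoruns."""
    found = {}
    for section, body in entries:
        if section != "O4":
            continue
        m = O4_RE.match(body)
        if m:
            hive, key, name, command = m.groups()
            found[(hive, key, name)] = command
    return found


def orphans(entries):
    """Entries whose target HijackThis itself reports as absent."""
    return [(s, b) for s, b in entries if b.endswith(ORPHAN_MARKERS)]


def diff_autoruns(before, after):
    """Compare the autorun entries of two logs."""
    b, a = autoruns(parse_log(before)), autoruns(parse_log(after))
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in b if k in a and a[k] != b[k]),
    }


def reappeared(before, after_fix, later):
    """Autoruns that were gone right after the fix but are present again in a later log."""
    b, f, l = (autoruns(parse_log(t)) for t in (before, after_fix, later))
    return sorted(k for k in b if k not in f and k in l)


if __name__ == "__main__":
    for change, keys in diff_autoruns(LOG_BEFORE, LOG_AFTER).items():
        for hive, key, name in keys:
            print(f"{change}: {hive}\\..\\{key} [{name}]")
    for section, body in orphans(parse_log(LOG_AFTER)):
        print(f"orphan: {section} - {body}")
```

Running `reappeared` against a log taken a few reboots later shows whether a deleted Run value is being written back by something that is still active.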
 • Hello Juisterr,

  I have carried out your advice; a new HJT log is posted below.
 • [quote="Doggy94"]Hello Juisterr,

  I have carried out your advice; a new HJT log is posted below (removed in the meantime, see next line).[/quote]
 • Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:
  [b]
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  [/b]
  Click 'Fix checked' to remove the items.


  1. Download ATF cleaner (made by Atribune)
  Double-click ATF cleaner to start the program.
  On the "Main" tab, tick [b]Select All[/b].
  Click the [b]Empty Selected[/b] button.

  Do the following if you also use Firefox as a browser:
  Click the "Firefox" tab and tick [b]Select All[/b].
  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
  (this removes the tick next to "Firefox saved passwords" again)
  Click the [b]Empty Selected[/b] button.

  Do the following if you also use Opera as a browser:
  Click the "Opera" tab and tick [b]Select All[/b].
  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
  Click the [b]Empty Selected[/b] button.
  Go to the "Main" tab and click the [b]Exit[/b] button to close the program.

  2. Download [b]Dr.Web CureIt[/b] to your desktop:
  ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  3. Start the computer in safe mode.

  4. Double-click [b]drweb-cureit.exe[/b] and allow it to start the express scan.
  This will scan the files currently loaded in memory, and when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
  Once the short scan has finished, click [b]Options[/b] > Change Settings
  Choose the "Scan" tab and untick "Heuristic analyse"
  Back in the main window you can select the drives you want to scan.
  Select all drives here. A red dot will then appear on the drives you are having scanned.
  Then click the [b]green arrow[/b] on the right to start the scan.
  Click 'Yes to all' when asked to perform cure or move.
  When the scan is done, check whether you can click the following icon next to what was found: [img]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img]
  If so, click it and then click the icon just below it and choose: [b]Move incurable[/b], as you will see in the following image:
  [img]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img]
  This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (this in case we need samples)
  After selecting the above, in the menu at the top of Dr.Web CureIt, click [b]file[/b] and choose [b]save report list[/b]. Save the log to your desktop.
  Then close Dr.Web CureIt.

  5. [b]Restart[/b] your computer in normal mode!! An important step, because Dr.Web CureIt may move/delete files during the restart.
  After restarting, copy and paste the contents of the log you saved earlier into your next post, together with a HijackThis log.
 • Everything carried out as requested. Dr.Web CureIt could not find anything, so I could not copy a log.

  Attached: HJT log and the result of an AVG-ASW scan

  Logfile of HijackThis v1.99.1
  Scan saved at 21:28:00, on 29-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\Comodo\Firewall\cmdagent.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Prevx1\PXAgent.exe
  C:\Program Files\SiteAdvisor\6066\SAService.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
  C:\Program Files\Windows Live Mail desktop\wlmail.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
  C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
  R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
  O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
  O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
  O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
  O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

  AVG-ASW:

  Origin:

  HKLM\SYSTEM\ControlSet003\Control\Video\{0A4C146C-EC17-42F2-85A7-23C2E8EA6BA6}\0000\\_nhl2005.exeD3DOGL_67207556

  Infected with:

  Adware.Screensavers
 • Your log looks clean, any problems left?
 • juisterr wrote: "Your log looks clean, any problems left?"

  Only AVG-ASW still finds the following infection: Adware.Screensavers

  It is located in:

  HKLM\SYSTEM\ControlSet003\Control\Video\{0A4C146C-EC17-42F2-85A7-23C2E8EA6BA6}\0000\\_nhl2005.exe:D3DOGL_67207556

  Delete, Delete on reboot and moving it to Quarantine all succeed, but after a restart it is back again.

  To be safe, a new HJT log:
  Logfile of HijackThis v1.99.1
  Scan saved at 16:54:04, on 30-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\Comodo\Firewall\cmdagent.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Prevx1\PXAgent.exe
  C:\Program Files\SiteAdvisor\6066\SAService.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\Program Files\Windows Live Mail desktop\wlmail.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
  C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
  R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
  O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
  O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
  O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
  O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
 • http://www.eldevice.net/upload/RPT_0001.HTM


  comes from here.


  Download Combofix to your Desktop.
  Double-click Combofix.exe
  Follow the instructions, accept the disclaimer by typing "y" or "Y".
  While the fix is running, do NOT click in the window, as this will cause your PC to hang.

  When the fix has completed and after the restart, the log combofix.txt will open.
  Post this log in your next post together with a new HijackThis log.

  NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.
 • "Mark" - 2007-05-30 22:53:14 Service Pack 2
  ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Mark\Bureaublad\Beveiliging Onderhoud\"


  ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))


  2007-05-30 22:42 <DIR> dr-h----- C:\Documents and Settings\Mark\Onlangs geopend
  2007-05-30 22:42 <DIR> dr-h----- C:\DOCUME~1\Mark\Onlangs geopend
  2007-05-30 00:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
  2007-05-29 01:24 49,152 --a------ C:\WINDOWS\nircmd.exe
  2007-05-29 01:08 <DIR> d-------- C:\SiteAdvisor
  2007-05-29 01:08 <DIR> d-------- C:\McAfee
  2007-05-27 12:18 <DIR> d-------- C:\Program Files\Remove on Reboot
  2007-05-26 21:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Arovax
  2007-05-25 08:26 <DIR> d-------- C:\Program Files\ZSoft
  2007-05-23 14:27 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\Comodo
  2007-05-23 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
  2007-05-23 14:19 <DIR> d-------- C:\Program Files\Comodo
  2007-05-23 01:23 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\GlarySoft
  2007-05-22 00:32 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\Prevx
  2007-05-22 00:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
  2007-05-22 00:30 77,312 --a------ C:\WINDOWS\ua2.dll
  2007-05-20 17:06 93,792 --a------ C:\WINDOWS\system32\prfc0413.dat
  2007-05-20 17:06 497,420 --a------ C:\WINDOWS\system32\prfh0413.dat
  2007-05-19 22:19 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\Regrun
  2007-05-19 21:58 29,612 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
  2007-05-19 21:58 <DIR> d-------- C:\WINDOWS\system32\RVAXO
  2007-05-19 17:38 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\Uniblue
  2007-05-18 21:08 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Mijn documenten
  2007-05-17 09:53 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
  2007-05-17 09:05 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Favorieten
  2007-05-16 21:16 <DIR> d-------- C:\Documents and Settings\Mark\DoctorWeb
  2007-05-16 21:16 <DIR> d-------- C:\DOCUME~1\Mark\DoctorWeb
  2007-05-11 14:34 <DIR> d-------- C:\Program Files\Mgtweak
  2007-05-11 14:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\1Click DVD Copy Pro
  2007-05-11 14:30 87,608 --a------ C:\DOCUME~1\Mark\APPLIC~1\inst.exe
  2007-05-11 14:30 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
  2007-05-11 14:30 47,360 --a------ C:\DOCUME~1\Mark\APPLIC~1\pcouffin.sys
  2007-05-11 14:30 <DIR> d-------- C:\Program Files\LG Software Innovations
  2007-05-11 14:30 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\Vso
  2007-04-25 20:57 <DIR> d-------- C:\Program Files\BinarySense
  2007-04-25 20:57 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\BinarySense
  2007-04-24 00:58 <DIR> d-------- C:\Program Files\BySoft FreeRAM
  2007-04-24 00:30 <DIR> d-------- C:\Program Files\Realtek AC97
  2007-04-19 10:25 <DIR> d-------- C:\DOCUME~1\Claudia\APPLIC~1\SiteAdvisor
  2007-04-17 11:09 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
  2007-04-17 11:08 <DIR> d-------- C:\Program Files\SiteAdvisor
  2007-04-17 11:08 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\SiteAdvisor
  2007-04-17 11:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
  2007-04-17 00:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
  2007-04-09 23:13 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\DVD Flick
  2007-04-01 21:08 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
  2007-04-01 21:08 298,104 --a------ C:\WINDOWS\system32\imon.dll
  2007-04-01 21:08 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
  2007-04-01 01:26 <DIR> dr-h----- C:\DOCUME~1\LOCALS~1\Onlangs geopend
  2007-04-01 00:06 <DIR> d-------- C:\Program Files\Microsoft Bootvis
  2007-04-01 00:01 <DIR> d-------- C:\Program Files\ClearType Tuner


  (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

  2007-05-30 17:13:28 -------- d-----w C:\Program Files\Hitman Pro
  2007-05-30 16:49:26 -------- d-----w C:\Program Files\SpywareBlaster
  2007-05-26 23:18:15 -------- d-----w C:\Program Files\QuickTime
  2007-05-26 19:23:33 -------- d-----w C:\Program Files\DAP
  2007-05-23 11:37:28 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
  2007-05-23 00:18:55 -------- d-----w C:\Program Files\Driver Magician
  2007-05-23 00:18:29 -------- d-----w C:\Program Files\Eraser
  2007-05-23 00:17:16 -------- d-----w C:\Program Files\WhatsRunning
  2007-05-22 00:07:34 -------- d--h--w C:\Program Files\InstallShield Installation Information
  2007-05-15 19:17:41 -------- d-----w C:\Program Files\Documents and Settings
  2007-05-11 11:41:34 -------- d-----w C:\Program Files\Rainlendar
  2007-05-08 21:23:25 -------- d-----w C:\Program Files\GrabIt
  2007-04-18 19:23:46 -------- d-----w C:\Program Files\LimeWire
  2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
  2007-04-10 17:42:57 -------- d-----w C:\Program Files\Ubisoft
  2007-04-10 17:41:38 -------- d-----w C:\DOCUME~1\Mark\APPLIC~1\Gearbox Software
  2007-04-09 23:37:57 -------- d-----w C:\DOCUME~1\Mark\APPLIC~1\AdobeUM
  2007-03-31 22:34:14 93,792 ----a-w C:\WINDOWS\system32\perfc013.dat
  2007-03-31 22:34:14 497,420 ----a-w C:\WINDOWS\system32\perfh013.dat
  2007-03-31 21:47:33 -------- d-----w C:\Program Files\Windows Installer Clean Up
  2007-03-31 21:46:53 -------- d-----w C:\Program Files\MSECACHE
  2007-03-31 21:40:17 -------- d-----w C:\DOCUME~1\Mark\APPLIC~1\Windows Desktop Search
  2007-03-31 21:39:02 -------- d-----w C:\Program Files\Windows Desktop Search
  2007-03-31 15:21:09 -------- d-----w C:\DOCUME~1\Mark\APPLIC~1\DVD Shrink 3.0
  2007-03-20 13:17:25 0 ----a-w C:\WINDOWS\system32\SBRC.dat
  2007-03-20 13:17:25 0 ----a-w C:\WINDOWS\system32\SBFC.dat
  2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
  2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
  2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
  2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
  2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


  (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  {089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41]
  {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
  {55EA1964-F5E4-4D6A-B9B2-125B37655FCB}=C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll [2006-01-10 12:09]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
  "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-14 06:25]
  "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]
  "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 18:29]
  "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 19:33]
  "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-25 20:24]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "ClearRecentDocsOnExit"=1 (0x1)

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39]


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
  AutoRun\command- E:\autorun.exe

  *Newly Created Service* -PROCEXP90

  Contents of the 'Scheduled Tasks' folder
  2007-05-30 20:46:55 C:\WINDOWS\tasks\MP Scheduled Scan.job

  ********************************************************************

  catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-05-30 22:56:53
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes ...

  scanning hidden autostart entries ...

  scanning hidden files ...

  scan completed successfully
  hidden files: 0


  ********************************************************************

  Completion time: 2007-05-30 22:57:45
  C:\ComboFix-quarantined-files.txt ... 2007-05-30 22:57
  C:\ComboFix2.txt ... 2007-05-29 01:24

  --- E O F ---


  Logfile of HijackThis v1.99.1
  Scan saved at 23:08:08, on 30-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\Comodo\Firewall\cmdagent.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Prevx1\PXAgent.exe
  C:\Program Files\SiteAdvisor\6066\SAService.exe
  C:\WINDOWS\system32\SearchIndexer.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
  C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
  C:\Program Files\Comodo\Firewall\CPF.exe
  C:\Program Files\Beveiliging\Diverse beveiligingen\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
  R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.12move.nl:8080
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\BEVEIL~1\ANTISP~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
  O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O11 - Options group: [INTERNATIONAL] International*
  O14 - IERESET.INF: START_PAGE_URL=http://www.12move.nl
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
  O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162239558168
  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
  O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
  O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
  O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
  O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
 • I don't see any direct threats, I think; how are things now?
 • juisterr wrote: "I don't see any direct threats, I think; how are things now?"

  No more problems. If I understand correctly, Adware.Screensavers is not a direct threat. My sincere thanks for the trouble taken.

This is an archived page. Replies are no longer possible.