Vraag & Antwoord

Beveiliging & privacy

smart antivirus 2009

Anoniem
KAPE
14 antwoorden
 • ik heb een virus of iets dergelijks te pakken. Mijn achtergrond is veranderd in iets anders er zijn programma's van smart antivirus op mijn computer gezet. ook kan ik mijn D schijf niet meer vinden mijn C schijf nog wel. Ook krijg ik allerlei pop ups van programma's die dan weer iets te melden hebben.
  De compute wil ook af en toe uit zichzelf van Programma wisselen zoals met alt+tab gebeurt. Ook verdwijnt de taakbalk afentoe alles komt wel weer terug zoals als het was. En er zijn ook dingen verdwenen in het menu start.

  dit is een hijackthis log file vlak nadat het gebeurt is::

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 15:39: VIRUS ALERT!, on 6-9-2008
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16705)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\SYSTEM32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
  D:\programma's\quicktime\qttask.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  D:\programma's\DAEMON Tools Lite\daemon.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\cmd.exe
  C:\DOCUME~1\jeroen\LOCALS~1\Temp\sfsrv.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  C:\WINDOWS\explorer.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
  O3 - Toolbar: gksraemq - {7C74C1B1-81FB-4105-B304-80A12EC6E73D} - C:\WINDOWS\gksraemq.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
  O4 - HKLM\..\Run: [QuickTime Task] "D:\programma's\quicktime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programma's\DAEMON Tools Lite\daemon.exe" -autorun
  O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
  O4 - HKCU\..\Run: [Smart Antivirus-2009.exe] C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\games\poker\PartyPoker\RunApp.exe (file missing)
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\games\poker\PartyPoker\RunApp.exe (file missing)
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
  O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O21 - SSODL: dgksvbpn - {5A587AAB-5C6B-4225-A4A2-AA01ED3B0A4C} - C:\WINDOWS\dgksvbpn.dll
  O21 - SSODL: xrdwbfgn - {CF37DDAD-A925-4B43-91FF-2B3CC425AB8D} - C:\WINDOWS\xrdwbfgn.dll
  O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
  O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


  End of file - 7817 bytes

  ik hoop dat iemad er iets mee kan ik ben zelf al een antivirus scan aan het uitvoeren met esest nod32 en zal daarna nog spybot S&D er op los laten.

  BVD.
 • Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

  [b:128c4fbc5b]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
  O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
  O3 - Toolbar: gksraemq - {7C74C1B1-81FB-4105-B304-80A12EC6E73D} - C:\WINDOWS\gksraemq.dll
  O4 - HKCU\..\Run: [Smart Antivirus-2009.exe] C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\games\poker\PartyPoker\RunApp.exe (file missing)
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\games\poker\PartyPoker\RunApp.exe (file missing)
  O21 - SSODL: dgksvbpn - {5A587AAB-5C6B-4225-A4A2-AA01ED3B0A4C} - C:\WINDOWS\dgksvbpn.dll
  O21 - SSODL: xrdwbfgn - {CF37DDAD-A925-4B43-91FF-2B3CC425AB8D} - C:\WINDOWS\xrdwbfgn.dll
  O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm[/b:128c4fbc5b]

  Klik op 'Fix checked' om de items te verwijderen.

  Verwijder volgende mappen wet Windows Verkenner :
  D:\games\poker\[b:128c4fbc5b]PartyPoker[/b:128c4fbc5b]
  C:\Program Files\[b:128c4fbc5b]Smart Antivirus 2009[/b:128c4fbc5b]

  Download MBAM (Malwarebytes' Anti-Malware).
  http://www.besttechie.net/tools/mbam-setup.exe

  Dubbelklik op mbam-setup.exe om het programma te installeren.

  Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".
  Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
  Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.
  Het scannen kan een tijdje duren, dus wees geduldig.
  Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
  Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.
  Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)
  De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.

  Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.
  Daarna zal het vragen om de computer opnieuw op te starten… dus sta toe dat MBAM de computer opnieuw opstart.

  Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.
 • heyy bedankt het ziet er nu alweer een stuk beter uit. ik denk dat het allemaal weg is maar dat laat ik aan jouw oordeel over :wink:

  ik had Malwarebytes' al gedraaid voordat ik jouw hijackthis instructies verder had uitgevoerd. ik weet niet of dat verschil uit maakt. nadien heb ik hem nog een keer gedraaid en toen kon hij niks meer vinden met de snelle scan.

  Malwarebytes' Anti-Malware 1.26
  Database versie: 1120
  Windows 5.1.2600 Service Pack 3

  7-9-2008 0:21:28
  mbam-log-2008-09-07 (00-21-28).txt

  Scan type: Volledige Scan (C:\|D:\|)
  Objecten gescand: 135809
  Verstreken tijd: 42 minute(s), 2 second(s)

  Geheugenprocessen geïnfecteerd: 1
  Geheugenmodulen geïnfecteerd: 4
  Registersleutels geïnfecteerd: 20
  Registerwaarden geïnfecteerd: 8
  Registerdata bestanden geïnfecteerd: 18
  Mappen geïnfecteerd: 5
  Bestanden geïnfecteerd: 29

  Geheugenprocessen geïnfecteerd:
  C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe (Rogue.SmartAntivirus) -> Unloaded process successfully.

  Geheugenmodulen geïnfecteerd:
  C:\WINDOWS\system32\jkkKaxVl.dll (Trojan.Vundo.H) -> Delete on reboot.
  C:\WINDOWS\system32\nmbgbhtw.dll (Trojan.Vundo.H) -> Delete on reboot.
  C:\WINDOWS\system32\jkkIawxy.dll (Trojan.Vundo) -> Delete on reboot.
  C:\WINDOWS\system32\gsqvhy.dll (Trojan.Vundo) -> Delete on reboot.

  Registersleutels geïnfecteerd:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f7e9d97-bee7-4f55-811d-19f15f2120ad} (Trojan.Vundo.H) -> Delete on reboot.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkiawxy (Trojan.Vundo.H) -> Delete on reboot.
  HKEY_CLASSES_ROOT\CLSID\{4f7e9d97-bee7-4f55-811d-19f15f2120ad} (Trojan.Vundo.H) -> Delete on reboot.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5d763f6-1cf5-4d6e-94df-e8a21aca7e07} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{b5d763f6-1cf5-4d6e-94df-e8a21aca7e07} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9fbb89d-dd75-439e-a599-6db2835d76e6} (Trojan.Vundo.H) -> Delete on reboot.
  HKEY_CLASSES_ROOT\CLSID\{f9fbb89d-dd75-439e-a599-6db2835d76e6} (Trojan.Vundo.H) -> Delete on reboot.
  HKEY_CURRENT_USER\SOFTWARE\smart antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\TypeLib\{05c2bf55-1328-4955-a0ed-d852771d2df5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\Interface\{c8715196-f187-4313-8776-a7b33edf3367} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\Interface\{d321008f-1dd6-4b31-b718-b2cb6f56ad1d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\gksraemq.bvxd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

  Registerwaarden geïnfecteerd:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b806cdd2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4f7e9d97-bee7-4f55-811d-19f15f2120ad} (Trojan.Vundo) -> Delete on reboot.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga4958 (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc5475 (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smart antivirus-2009.exe (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dgksvbpn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xrdwbfgn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

  Registerdata bestanden geïnfecteerd:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jkkkaxvl -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkaxvl -> Delete on reboot.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://smart-antivirus2009-buy.com/buy.php?aff=1005) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76396-OEM-0011903-00909) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (H:mm:ss) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

  Mappen geïnfecteerd:
  C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  C:\Program Files\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
  C:\Program Files\Smart Antivirus 2009\Infected (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
  C:\Program Files\Smart Antivirus 2009\Suspicious (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.

  Bestanden geïnfecteerd:
  C:\WINDOWS\system32\jkkIawxy.dll (Trojan.Vundo.H) -> Delete on reboot.
  C:\WINDOWS\system32\gsqvhy.dll (Trojan.Vundo.H) -> Delete on reboot.
  C:\WINDOWS\system32\jkkKaxVl.dll (Trojan.Vundo.H) -> Delete on reboot.
  C:\WINDOWS\system32\lVxaKkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\lVxaKkkj.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\nmbgbhtw.dll (Trojan.Vundo.H) -> Delete on reboot.
  C:\WINDOWS\system32\wthbgbmn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
  C:\Documents and Settings\jeroen\Local Settings\Temporary Internet Files\Content.IE5\AENUDJZW\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Documents and Settings\jeroen\Local Settings\Temporary Internet Files\Content.IE5\OF2TSMES\cntr[1].gif (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Documents and Settings\jeroen\Local Settings\Temporary Internet Files\Content.IE5\OF2TSMES\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Documents and Settings\jeroen\Local Settings\Temporary Internet Files\Content.IE5\ZW5EGKRH\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\System Volume Information\_restore{20C9F06F-93D0-44EB-9DBD-5CDF7DB851E3}\RP707\A0152670.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\System Volume Information\_restore{20C9F06F-93D0-44EB-9DBD-5CDF7DB851E3}\RP707\A0152671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\System Volume Information\_restore{20C9F06F-93D0-44EB-9DBD-5CDF7DB851E3}\RP707\A0152672.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\System Volume Information\_restore{20C9F06F-93D0-44EB-9DBD-5CDF7DB851E3}\RP707\A0152673.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\pkryfyie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
  C:\Program Files\Smart Antivirus 2009\vscan.tsi (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
  C:\Program Files\Smart Antivirus 2009\zlib.dll (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
  C:\WINDOWS\vanwxemgfwn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  C:\WINDOWS\sxmaokgf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  C:\Documents and Settings\jeroen\Bureaublad\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
  C:\Documents and Settings\jeroen\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
  C:\Documents and Settings\jeroen\Application Data\TmpRecentIcons\Smart Antivirus-2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
  C:\Documents and Settings\jeroen\Bureaublad\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
  Malwarebytes' Anti-Malware 1.26
  Database versie: 1120
  Windows 5.1.2600 Service Pack 3

  7-9-2008 0:48:31
  mbam-log-2008-09-07 (00-48-31).txt

  Scan type: Snelle Scan
  Objecten gescand: 50572
  Verstreken tijd: 3 minute(s), 44 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 0:49:09, on 7-9-2008
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16705)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\SYSTEM32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
  D:\programma's\quicktime\qttask.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  D:\programma's\DAEMON Tools Lite\daemon.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
  O4 - HKLM\..\Run: [QuickTime Task] "D:\programma's\quicktime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programma's\DAEMON Tools Lite\daemon.exe" -autorun
  O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
  O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O20 - AppInit_DLLs: gsqvhy.dll
  O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
  O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O24 - Desktop Component 0: Privacy Protection - (no file)


  End of file - 6933 bytes
 • Dit mag je nog fixen met HJT :

  O20 - AppInit_DLLs: gsqvhy.dll

  en maak dan nog eens een nieuw logje met HJT en hang dit aan een volgende bericht.
 • ik ondervind ook geen problemen meer het enigste is dat ik icoontjes mis op mijn bureaublad.


  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 10:16:16, on 7-9-2008
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16705)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\SYSTEM32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
  D:\programma's\quicktime\qttask.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  D:\programma's\DAEMON Tools Lite\daemon.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
  O4 - HKLM\..\Run: [QuickTime Task] "D:\programma's\quicktime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programma's\DAEMON Tools Lite\daemon.exe" -autorun
  O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
  O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
  O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O24 - Desktop Component 0: Privacy Protection - (no file)


  End of file - 6869 bytes
 • Probeer dit nog eens te fixen met HJT :

  O24 - Desktop Component 0: Privacy Protection - (no file)

  en laat dan eens weten of dit iets veranderd heeft. Zijn het trouwens alleen de icoontjes die verdwenen zijn of ook de volledige snelkoppeling ?
 • nee de complete snelkoppeling is weg, de programma's staan nog wel gewoon op de computer.

  Deze laatste krijgt ie niet gefixed heb het 2 keer geprobeerd maar als ik een nieuwe scan doe voor het log file staat ie er weer tussen.

  O24 - Desktop Component 0: Privacy Protection - (no file)


  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 17:13:07, on 7-9-2008
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16705)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\SYSTEM32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
  C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
  O4 - HKLM\..\Run: [QuickTime Task] "D:\programma's\quicktime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\programma's\DAEMON Tools Lite\daemon.exe" -autorun
  O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jeroen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\CLEANU~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
  O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
  O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O24 - Desktop Component 0: Privacy Protection - (no file)


  End of file - 6787 bytes
 • moet er nog iets gebeuren met deze regel uit het hjt logfile?
  ik heb ook al geprobeerd om hem in veilige modus te verwijderen.

  O24 - Desktop Component 0: Privacy Protection - (no file)

  en heb je misschien nog tips voor betere beveiliging van mijn computer?

  Alvast super bedankt want de Problemen zijn in ieder geval verholpen!!
 • [quote:673ff87676="KahlanRhal"]moet er nog iets gebeuren met deze regel uit het hjt logfile?[/quote:673ff87676] Zou dat even zo laten (de twee mogelijke opties heb je ondertussen al - zonder succes - geprobeerd) … en de zaak gewoon even aankijken. En dan is het tijd voor de “grote schoonmaak” : een cleaning en het verwijderen van de besmette herstelpunten.

  Download CCleaner hier : http://www.majorgeeks.com/download4191.html

  Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

  Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

  Voor de beveiliging van je PC moet je vooral uitkijken naar 3 zaken : antivirus (maar die heb je al met je NOD32) die permanent een update heeft, antispyware (daar zou je bvb. voor AdAware of Spybot kunnen opteren) en een degelijke firewall (bvb. ZoneAlarm, Comodo, e.a. komen daarvoor in aanmerking). De meeste van deze programma's kan je zelfs gratis downloaden.
 • super bedankt voor alles!! ben weer helemaal blij dat mijn computertje het weer goed doet. ik heb nu zelf een griep virus te pakken (maar daar heb je denk ik geen handige tooltjes voor die ik even kan downloaden).

  Groetjes

  Jeroen
 • [quote:0d769b5de9="KahlanRhal"] ik heb nu zelf een griep virus te pakken (maar daar heb je denk ik geen handige tooltjes voor die ik even kan downloaden)[/quote:0d769b5de9] Dat Norton/Symantec daar nog niet aan gedacht heeft :D Hier alvast wat tips : http://www.gezondheid.be/index.cfm?fuseaction=art&art_id=134 :D
 • Ik had net hetzelfde virus, het liet me ook nie toe om CTRL - ALT - DEL te doen, en verborg dingen in mijn start menu.

  De Hijackthis werkt niet zo goed bij mij, ik had niet alle keys zoals hierboven vermeld. Malwarebytes deed al het andere werk, en nu is het probleem volgens mij helemaal opgelost. Morgen er nog eens met de Hyrens Boot CD over gaan.

  Thx !
 • Ben ook zo onhandig geweest om ergens op te klikken zodat ik Smart Antivirus gratis erbij kreeg. Wat irritant. Na lezen van bovenstaande antwoorden ben ik al een beetje aan het klussen gegaan.
  Heb bij hijackthis al wat dingen gefixed en daarna malwarebytes gedraait die een hoop heeft verwijderd. toen opnieuw opgestart. Nu staan hieronder van beide progjes de logs. Mijn vraag is dan ook, is alles nu weg, of moet ik nog wat extra dingen doen.
  Alvast bedankt!

  hijackthis log:
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 21:40:01, on 14-10-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16705)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\WINDOWS\system32\gearsec.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\inetsrv\inetinfo.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\tcpsvcs.exe
  C:\WINDOWS\System32\snmp.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\rdpclip.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\ehome\ehtray.exe
  C:\WINDOWS\eHome\ehmsas.exe
  C:\WINDOWS\system32\RunDll32.exe
  C:\WINDOWS\system32\LVCOMSX.EXE
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\Program Files\Microsoft IntelliPoint\point32.exe
  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  C:\Program Files\QuickTime\QTTask.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\logon.scr
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [Adobe Reader] C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
  O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Error Safe Free] C:\Program Files\ErrorSafe Free\uers.exe /scan
  O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
  O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
  O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
  O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
  O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
  O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
  O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://86.85.46.80/home/SonySncRz30View.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131015943875
  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{7FF5754A-FE18-4FC1-8117-A6CB78277E57}: NameServer = 192.168.1.1
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - AppInit_DLLs: eawlbz.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
  O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys


  End of file - 12710 bytes

  MALWAREBYTES LOG

  Malwarebytes' Anti-Malware 1.28
  Database versie: 1269
  Windows 5.1.2600 Service Pack 2

  14-10-2008 21:50:57
  mbam-log-2008-10-14 (21-50-57).txt

  Scan type: Snelle Scan
  Objecten gescand: 54792
  Verstreken tijd: 6 minute(s), 9 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)  graag hoor ik jullie reactie.

  gr. Michiel
 • Ben ook zo onhandig geweest om ergens op te klikken zodat ik Smart Antivirus gratis erbij kreeg. Wat irritant. Na lezen van bovenstaande antwoorden ben ik al een beetje aan het klussen gegaan.
  Heb bij hijackthis al wat dingen gefixed en daarna malwarebytes gedraait die een hoop heeft verwijderd. toen opnieuw opgestart. Nu staan hieronder van beide progjes de logs. Mijn vraag is dan ook, is alles nu weg, of moet ik nog wat extra dingen doen.
  Alvast bedankt!

  hijackthis log:
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 21:40:01, on 14-10-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16705)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
  C:\WINDOWS\eHome\ehRecvr.exe
  C:\WINDOWS\eHome\ehSched.exe
  C:\WINDOWS\system32\gearsec.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\inetsrv\inetinfo.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\tcpsvcs.exe
  C:\WINDOWS\System32\snmp.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\dllhost.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\rdpclip.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\ehome\ehtray.exe
  C:\WINDOWS\eHome\ehmsas.exe
  C:\WINDOWS\system32\RunDll32.exe
  C:\WINDOWS\system32\LVCOMSX.EXE
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\Program Files\Microsoft IntelliPoint\point32.exe
  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  C:\Program Files\QuickTime\QTTask.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\logon.scr
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [Adobe Reader] C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
  O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Error Safe Free] C:\Program Files\ErrorSafe Free\uers.exe /scan
  O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
  O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
  O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
  O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
  O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
  O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
  O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://86.85.46.80/home/SonySncRz30View.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131015943875
  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
  O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{7FF5754A-FE18-4FC1-8117-A6CB78277E57}: NameServer = 192.168.1.1
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
  O20 - AppInit_DLLs: eawlbz.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
  O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys


  End of file - 12710 bytes

  MALWAREBYTES LOG

  Malwarebytes' Anti-Malware 1.28
  Database versie: 1269
  Windows 5.1.2600 Service Pack 2

  14-10-2008 21:50:57
  mbam-log-2008-10-14 (21-50-57).txt

  Scan type: Snelle Scan
  Objecten gescand: 54792
  Verstreken tijd: 6 minute(s), 9 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)  graag hoor ik jullie reactie.

  gr. Michiel

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.