Vraag & Antwoord

Beveiliging & privacy

Hoe kan ik zien wat er verbinding maakt met internet

Anoniem
Abraham54
12 antwoorden
 • Hoi,

  Een vraagje m.b.t. mijn internetverbinding.
  Mijn Xp pc is verbonden met een router via een draadloze usb stick. Daarop knippert een ledje in de snelheid van de internetaktiviteit.
  Dit ledje staat constant in een rap tempo te knipperen ook al heb ik geen browser open staan, of email o.i.d.
  Mijn verbinding is ook niet snel meer.
  Ik ben al een keer geblokkeerd door mijn isp omdat ik spam zou versturen waar ik me niet van bewust ben maar wellicht gebeurt dit automatisch.
  Malwarebytes kan niets vinden. Als virusscanner gebruik ik AVG. En als firewall Zonealarm

  Zijn er progjes waarmee je kunt kijken welke zaken er contact maken met internet?

  Vast bedankt
 • [quote:c08aacbbcf="tdv"]Als virusscanner gebruik ik AVG. En als firewall Zonealarm. Zijn er progjes waarmee je kunt kijken welke zaken er contact maken met internet? [/quote:c08aacbbcf] Had je al in Zonealarm gecheckt, welke applicatie toestemming hebben, om contact te maken met het internet? Verder zou je het netwerkverkeer kunnen analyseren via applicatie Wireshark.
 • Hallo tdv, indien jouw internetprovider jou meldt, dat je spam verstuurd, is dat geen goede zaak.

  Ga je analyseren waaruit het uitgaane verkeer bestaat, blijf je met het originele probleem zitten.

  Verbied je via je firewall bepaalde verbindingen, jouw Windows blijft besmet en de malware zal tnieuwe verbindingen opzetten.

  Dweilen met de kraan open dus.

  Daarom is het beter, dat je begint met een HijackThis-log te posten.

  [b:1c52e68537]
  • [b:1c52e68537]Installeer HijackThis op de aangegeven lokatie - mocht er onverhoopt een back-up gedaan moeten worden, dan kan dit alleen vanuit de juiste installatie lokatie.[/b:1c52e68537]
  • Klik vervolgens op de de knop [b:1c52e68537]Do a system scan and save a logfile[/b:1c52e68537]
  • Post aansluitend de inhoud van het logfile.
 • Met de freeware versie van Netlimiter 2 kan je alle uitgaande verbindingen zien. http://www.netlimiter.com/download.php
 • Goed standpunt Abraham!
  Laten we beginnen met Hijack log.
  Bij deze en vast bedankt!

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 14:51:59, on 6-3-2010
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\ASTSRV.EXE
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
  C:\PROGRA~1\AVG\AVG8\avgemc.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
  C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\Dit.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\Active Desktop Calendar\ADC.exe
  C:\Program Files\J River\Media Jukebox\Media Jukebox.exe
  C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\Program Files\AVG\AVG8\avgui.exe
  C:\Program Files\AVG\AVG8\avgscanx.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Documents and Settings\Toontje\Bureaublad\Ongebruikte bureaubladpictogrammen\HiJackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://communities.zeelandnet.nl/data/canada_travelers
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
  R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
  O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitcth.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
  O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/201
  O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/204
  O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/203
  O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/202
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Save with Download Manager… - C:\Program Files\J River\Media Jukebox\DMDownload.htm
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
  O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.emergis.nl/dana/download/wficat9150.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab
  O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
  O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
  O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
  O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://www.shockwave.com/content/joboosgems/sis/AstoundLauncher.cab
  O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.emergis.nl/dana-cached/setup/JuniperSetupSP1.cab
  O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O17 - HKLM\System\CCS\Services\Tcpip\..\{E731358B-31F0-4267-8B09-40FD5A4B40A5}: NameServer = 192.168.2.1
  O17 - HKLM\System\CS1\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O17 - HKLM\System\CS2\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O17 - HKLM\System\CS3\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
  O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


  End of file - 8880 bytes
 • Hallo Toon, [b:2264da3b0c]je hebt HijackThis op de verkeerde locatie ge-installeerd. Hijackthis kan nu geen back-ups maken![/b:2264da3b0c]

  [b:2264da3b0c]
 • Bij deze een neiuwe HijackThis log.
  Hoop dat ie zo beter is
  Ik zal me zeker eens verdiepen in Avast. Had tot nu toe AVG en was daar wel tevreden over.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 21:44:34, on 6-3-2010
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\ASTSRV.EXE
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
  C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
  C:\PROGRA~1\AVG\AVG8\avgemc.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\WINDOWS\Dit.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\Program Files\Active Desktop Calendar\ADC.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
  C:\Program Files\Outlook Express\msimn.exe
  C:\Program Files\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://communities.zeelandnet.nl/data/canada_travelers
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
  R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
  O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitcth.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
  O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/201
  O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/204
  O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/203
  O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/202
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Save with Download Manager… - C:\Program Files\J River\Media Jukebox\DMDownload.htm
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
  O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.emergis.nl/dana/download/wficat9150.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab
  O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
  O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
  O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
  O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://www.shockwave.com/content/joboosgems/sis/AstoundLauncher.cab
  O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.emergis.nl/dana-cached/setup/JuniperSetupSP1.cab
  O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O17 - HKLM\System\CCS\Services\Tcpip\..\{E731358B-31F0-4267-8B09-40FD5A4B40A5}: NameServer = 192.168.2.1
  O17 - HKLM\System\CS1\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O17 - HKLM\System\CS2\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O17 - HKLM\System\CS3\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
  O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


  End of file - 8659 bytes
 • Hallo Toon, waarom heb je de antivirussituatie in jouw Windows nog niet gemoderniseerd!
  Die AVG versie van jouw wordt misschien nog ondersteund, maar loopt achter bij de andere gratis AV's!

  [b:925d9cc274]Download, installeer en blijf MBAM gebruiken[/b:925d9cc274] (KLIK)
  • Al meteen na de installatie wil [b:925d9cc274]MBAM[/b:925d9cc274] zijn database opwaarderen – toestaan dus.
  • Ook bij herhaald gebruik: eerst MBAM updaten via de tab [b:925d9cc274]Update[/b:925d9cc274]!

  • Start [b:925d9cc274]MBAM[/b:925d9cc274] en kies voor [b:925d9cc274]Snelle Scan[/b:925d9cc274]

  • [b:925d9cc274]N.B.: Vistagebruik(st)ers starten MBAM middels rechtsklikken en dan kiezen voor Als Administrator uitvoeren.[/b:925d9cc274]

  • Het scannen kan een tijdje duren, dus wees geduldig.
  • Indien de scan voltooid is, klik dan op de knop [b:925d9cc274]OK[/b:925d9cc274]
  • Klik daarna op de knop [b:925d9cc274]Bekijk Resultaten[/b:925d9cc274] om de resultaten te zien.
  • Zorg ervoor, dat alles aangevinkt is.
  • Vervolgens klik je op: [b:925d9cc274]Verwijder geselecteerde[/b:925d9cc274] .
  • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

  • Het log wordt automatisch bewaard door [b:925d9cc274]MBAM[/b:925d9cc274] en dat kan je terugvinden door op de tab [b:925d9cc274]Logs[/b:925d9cc274] te klikken in [b:925d9cc274]MBAM[/b:925d9cc274] .

  • Indien [b:925d9cc274]MBAM[/b:925d9cc274] moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op [b:925d9cc274]OK[/b:925d9cc274] klikken!
  • Daarna zal [b:925d9cc274]MBAM[/b:925d9cc274] vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.

  Indien er de rootkit (TDSS) aanwezig is, zal MBAM ook vragen te herstarten. Doe dit dan ook.
  MBAM zal dan na de herstart opnieuw scannen en de rootkit verwijderen.  [b:925d9cc274]Hierna post je de inhoud van de volgende logs:[/b:925d9cc274]
  • een nieuw Hijackthis-log
  • MBAM scanlog
  [b:925d9cc274]Tevens een Uninstall-lijst posten:[/b:925d9cc274]
  • start HijackThis,
  • klik op de knop [b:925d9cc274]Open the Misc Tools section[/b:925d9cc274],
  • klik op de knop [b:925d9cc274]Open Uninstall Manager[/b:925d9cc274]
  • Klik op de knop [b:925d9cc274]Save[/b:925d9cc274].
 • Mijn advies: volledig deïnstalleren en overstappen naar Avast 5!
  momenteel is het beste alternatief iwat gratis antivirus betreft; je al verbaast zijn over het nieuwe Avast-menu!

  AVG Remover: http://www.avg.com/nl-nl/download-tools

  Hoi,

  Ik ga het maar eens proberen met Avast. Moet AVG toch updaten. Ik weet echter niet welke versie remover ik moet hebben??
  Ik heb een medion md 8083 uit 2004.

  Dit is Malwarebytes logfile:
  Malwarebytes' Anti-Malware 1.44
  Database versie: 3828
  Windows 5.1.2600 Service Pack 3
  Internet Explorer 6.0.2900.5512

  7-3-2010 12:18:36
  mbam-log-2010-03-07 (12-18-36).txt

  Scan type: Snelle Scan
  Objecten gescand: 205935
  Verstreken tijd: 44 minute(s), 53 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  En dit is de HijackThis logfile:
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 12:25:48, on 7-3-2010
  Platform: Windows XP SP3 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\ASTSRV.EXE
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\WINDOWS\system32\cisvc.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
  C:\PROGRA~1\AVG\AVG8\avgemc.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
  C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\Dit.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\Active Desktop Calendar\ADC.exe
  C:\Program Files\AVG\AVG8\avgui.exe
  C:\Program Files\AVG\AVG8\avgscanx.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\Program Files\Outlook Express\msimn.exe
  C:\Program Files\Java\jre6\bin\java.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\Documents and Settings\Toontje\Bureaublad\Ongebruikte bureaubladpictogrammen\HiJackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://communities.zeelandnet.nl/data/canada_travelers
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
  R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
  O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitcth.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
  O4 - HKLM\..\Run: [Dit] Dit.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
  O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/201
  O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/204
  O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/203
  O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/202
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Save with Download Manager… - C:\Program Files\J River\Media Jukebox\DMDownload.htm
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
  O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.emergis.nl/dana/download/…dCitrixCab
  O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
  O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
  O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
  O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://www.shockwave.com/content/joboosg…uncher.cab
  O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.emergis.nl/dana-cached/se…tupSP1.cab
  O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Junip…Client.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O17 - HKLM\System\CCS\Services\Tcpip\..\{E731358B-31F0-4267-8B09-40FD5A4B40A5}: NameServer = 192.168.2.1
  O17 - HKLM\System\CS1\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O17 - HKLM\System\CS2\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O17 - HKLM\System\CS3\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
  O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


  End of file - 8902 bytes

  En dit is de uninstall list

  µTorrent
  7-Zip 4.65
  Aangifte inkomstenbelasting 2007
  Aangifte inkomstenbelasting 2008
  Active Desktop Calendar 5.6
  Adobe Flash Player 10 ActiveX
  Adobe Flash Player 10 Plugin
  Adobe Photoshop CS4
  Adobe Reader 8.1.4
  Adobe Shockwave Player
  Amazing Adventures The Caribbean Secret™
  Apple Software Update
  Ashampoo Burning Studio 9.10
  AVG 8.5
  Aztec Tribe
  Babylonia
  Belkin 54g USB Network Adapter
  Beveiligingsupdate for Windows XP (KB941569)
  Beveiligingsupdate voor Windows Media Player (KB952069)
  Beveiligingsupdate voor Windows Media Player (KB954155)
  Beveiligingsupdate voor Windows Media Player (KB968816)
  Beveiligingsupdate voor Windows Media Player (KB973540)
  Beveiligingsupdate voor Windows Media Player 11 (KB936782)
  Beveiligingsupdate voor Windows Media Player 11 (KB954154)
  Beveiligingsupdate voor Windows Media Player 9 (KB911565)
  Beveiligingsupdate voor Windows Media Player 9 (KB917734)
  Beveiligingsupdate voor Windows XP (KB923561)
  Beveiligingsupdate voor Windows XP (KB938464)
  Beveiligingsupdate voor Windows XP (KB946648)
  Beveiligingsupdate voor Windows XP (KB950762)
  Beveiligingsupdate voor Windows XP (KB950974)
  Beveiligingsupdate voor Windows XP (KB951066)
  Beveiligingsupdate voor Windows XP (KB951376-v2)
  Beveiligingsupdate voor Windows XP (KB951698)
  Beveiligingsupdate voor Windows XP (KB951748)
  Beveiligingsupdate voor Windows XP (KB952004)
  Beveiligingsupdate voor Windows XP (KB952954)
  Beveiligingsupdate voor Windows XP (KB954211)
  Beveiligingsupdate voor Windows XP (KB954600)
  Beveiligingsupdate voor Windows XP (KB955069)
  Beveiligingsupdate voor Windows XP (KB956391)
  Beveiligingsupdate voor Windows XP (KB956572)
  Beveiligingsupdate voor Windows XP (KB956744)
  Beveiligingsupdate voor Windows XP (KB956802)
  Beveiligingsupdate voor Windows XP (KB956803)
  Beveiligingsupdate voor Windows XP (KB956841)
  Beveiligingsupdate voor Windows XP (KB956844)
  Beveiligingsupdate voor Windows XP (KB957095)
  Beveiligingsupdate voor Windows XP (KB957097)
  Beveiligingsupdate voor Windows XP (KB958215)
  Beveiligingsupdate voor Windows XP (KB958644)
  Beveiligingsupdate voor Windows XP (KB958687)
  Beveiligingsupdate voor Windows XP (KB958869)
  Beveiligingsupdate voor Windows XP (KB959426)
  Beveiligingsupdate voor Windows XP (KB960225)
  Beveiligingsupdate voor Windows XP (KB960714)
  Beveiligingsupdate voor Windows XP (KB960803)
  Beveiligingsupdate voor Windows XP (KB960859)
  Beveiligingsupdate voor Windows XP (KB961371-v2)
  Beveiligingsupdate voor Windows XP (KB961501)
  Beveiligingsupdate voor Windows XP (KB968537)
  Beveiligingsupdate voor Windows XP (KB969059)
  Beveiligingsupdate voor Windows XP (KB969947)
  Beveiligingsupdate voor Windows XP (KB970238)
  Beveiligingsupdate voor Windows XP (KB970430)
  Beveiligingsupdate voor Windows XP (KB971468)
  Beveiligingsupdate voor Windows XP (KB971486)
  Beveiligingsupdate voor Windows XP (KB971557)
  Beveiligingsupdate voor Windows XP (KB971633)
  Beveiligingsupdate voor Windows XP (KB971657)
  Beveiligingsupdate voor Windows XP (KB971961)
  Beveiligingsupdate voor Windows XP (KB972270)
  Beveiligingsupdate voor Windows XP (KB973354)
  Beveiligingsupdate voor Windows XP (KB973507)
  Beveiligingsupdate voor Windows XP (KB973525)
  Beveiligingsupdate voor Windows XP (KB973869)
  Beveiligingsupdate voor Windows XP (KB973904)
  Beveiligingsupdate voor Windows XP (KB974112)
  Beveiligingsupdate voor Windows XP (KB974318)
  Beveiligingsupdate voor Windows XP (KB974392)
  Beveiligingsupdate voor Windows XP (KB974455)
  Beveiligingsupdate voor Windows XP (KB974571)
  Beveiligingsupdate voor Windows XP (KB975025)
  Beveiligingsupdate voor Windows XP (KB975467)
  Beveiligingsupdate voor Windows XP (KB975560)
  Beveiligingsupdate voor Windows XP (KB975713)
  Beveiligingsupdate voor Windows XP (KB976325)
  Beveiligingsupdate voor Windows XP (KB977165)
  Beveiligingsupdate voor Windows XP (KB977914)
  Beveiligingsupdate voor Windows XP (KB978037)
  Beveiligingsupdate voor Windows XP (KB978251)
  Beveiligingsupdate voor Windows XP (KB978262)
  Beveiligingsupdate voor Windows XP (KB978706)
  Big City Adventure™: New York City
  Big City Adventure™: Vancouver
  Born Into Darkness
  C-Media WDM Audio Driver
  Compatibility Pack for the 2007 Office system
  Cradle of Persia
  DigiLeen 1.1
  DVD Shrink 3.2
  DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
  Easy Taalcursus Italiaans
  Escape the Museum 2
  Fiona Finch and the Finest Flowers
  Firebird SQL Server - MAGIX Edition 2.0.0.1 (US)
  Fishdom: Spooky Splash™
  Gotcha: Celebrity Secrets™
  Heroes of Hellas 2: Olympia
  Hidato™ Adventures
  Hide and Secret 3: Pharaoh's Quest
  HijackThis 2.0.2
  Hollywood FX Pack 26 - Extra FX
  Hostile Makeover
  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
  Hotfix for Windows Media Format 11 SDK (KB929399)
  Hotfix voor Windows Media Player 11 (KB939683)
  Hotfix voor Windows XP (KB952287)
  Hotfix voor Windows XP (KB961118)
  Hotfix voor Windows XP (KB970653-v3)
  Hotfix voor Windows XP (KB976098-v2)
  Hotfix voor Windows XP (KB979306)
  hp psc 2100 series
  HP-software voor foto- en beeldbewerking 2.0 - All-in-One
  HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma
  HP-software voor foto- en beeldbewerking 2.0 - HP psc 2100
  J2SE Runtime Environment 5.0 Update 6
  Java(TM) 6 Update 17
  Jojo's Fashion Show World Tour
  Juniper Networks Setup Client Activex Control
  Kindgebonden budget 2009
  K-Lite Mega Codec Pack 1.63
  Kuros™
  LimeWire PRO 4.16.2
  Little Shop - World Traveler
  MAGIX music cleaning lab 2003 deLuxe
  MailWasher Pro
  Malwarebytes' Anti-Malware
  Mary Kay Andrews: The Fixer Upper
  Media Jukebox 8.0
  Medion Flash XL 2.0
  MetaFrame Presentation Server Web Client for Win32
  Microsoft .NET Framework 1.1
  Microsoft .NET Framework 1.1
  Microsoft .NET Framework 1.1 Security Update (KB953297)
  Microsoft .NET Framework 2.0 Language Pack - NLD
  Microsoft .NET Framework 2.0 Service Pack 2
  Microsoft .NET Framework 3.0 Service Pack 2
  Microsoft .NET Framework 3.5 SP1
  Microsoft .NET Framework 3.5 SP1
  Microsoft Compression Client Pack 1.0 for Windows XP
  Microsoft Office Access Runtime (Dutch) 2007
  Microsoft Office Professional Editie 2003
  Microsoft User-Mode Driver Framework Feature Pack 1.0
  Microsoft Visual C++ 2005 Redistributable
  Million Dollar Quest
  Mozilla Firefox (3.0.18)
  MSXML 4.0 SP2 (KB936181)
  MSXML 4.0 SP2 (KB954430)
  MSXML 4.0 SP2 (KB973688)
  MSXML 6 Service Pack 2 (KB954459)
  Murder, She Wrote
  Music Library
  Mysterious Worlds: The Secret of Oak Island
  Mystery Masterpiece™: The Moonstone
  Nancy Drew®: Ransom of the Seven Ships
  Nero 8
  neroxml
  NewsLeecher v3.9 Beta 4
  NHI_IT_Cursist
  NVIDIA Drivers
  OpenAL
  Orbit
  Overhoor voor Windows 4.5.1
  Paddington
  PDF-XChange 2.5 Driver Install
  Pinnacle Hollywood FX for Studio

  PIXresizer 2.0.0
  PowerCinema 2.5
  QuickTime
  Sandlot Games Client Services
  Sandlot Games Client Services 1.2.2
  Shaman Odyssey: Tropic Adventure
  SmartSound Quicktracks Plugin
  Studio 9
  Switch
  The Village Mage: Spellbinder
  Torrent Harvester
  Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
  Update voor Windows XP (KB951978)
  Update voor Windows XP (KB955759)
  Update voor Windows XP (KB955839)
  Update voor Windows XP (KB967715)
  Update voor Windows XP (KB968389)
  Update voor Windows XP (KB971737)
  Update voor Windows XP (KB973687)
  Update voor Windows XP (KB973815)
  Update voor Windows XP (KB978207)
  VCRedistSetup
  VIA Rhine-Family Fast-Ethernet Adapter
  Virtual City
  VU Leerling
  W83L518D
  Wash N' Go 2.4.3.1 (remove only)
  Windows Imaging Component
  Windows Installer Clean Up
  Windows Media Format 11 runtime
  Windows Media Format 11 runtime
  Windows Media Player 11
  Windows Media Player 11
  Windows XP Service Pack 3
  WinRAR archiver
  Wizard Land
  Wolters-Noordhoff Netwerk/Wizzkit 2 havo vwo
  XP Codec Pack
  ZoneAlarm
 • Hallo Toon, je kan gewoon het meest aktuele removal tool van AVG gebruiken!


  MBAM heeft niks gevonden, dat verbaast me eigenlijk.

  [b:468920fc90]Laat Combofix jouw Windows scannen[/b:468920fc90] (klik).

  [b:468920fc90]Hoe Combofix goed te gebruiken[/b:468920fc90] (klik)

  [b:468920fc90]Aanvulling: om Combofix te kunnen gebruiken geldt het volgende:
 • Dit zou hem dan moeten zijn. Lijkt erop dat het een stuk beter gaat want de internetverbinding is een stuk sneller, m'n hdd staat niet constant meer te reutelen en de led van mijn draadloze usb stick knippert alleen nog af en toe.
  Oh ja, aan Avast nog niet toegekomen maar ga ik wel doen hoor!

  ComboFix 10-03-07.01 - Toontje 07-03-2010 16:52:44.2.2 - x86
  Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.1004 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\Toontje\Bureaublad\ComboFix.exe
  gebruikte Opdracht switches :: c:\documents and settings\Toontje\Bureaublad\CFScript.txt
  AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
  FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

  WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

  FILE ::
  "c:\windows\system32\drivers\mxxcg.sys"
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  c:\windows\system32\drivers\mxxcg.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  ——-\Legacy_CUSBOHCN
  ——-\Legacy_LMIRFSCLIENTNP
  ——-\Legacy_MXXCG
  ——-\Service_cusbohcn
  ——-\Service_LMIRfsClientNP
  ——-\Service_mxxcg


  (((((((((((((((((((( Bestanden Gemaakt van 2010-02-06 to 2010-03-06 ))))))))))))))))))))))))))))))
  .

  2010-03-07 08:34 . 2010-03-07 08:34 ——– d—–w- c:\documents and settings\Beatje\Application Data\1morebee
  2010-03-05 17:23 . 2010-03-05 17:23 ——– d—–w- c:\documents and settings\Beatje\logs
  2010-03-02 12:04 . 2010-03-02 12:39 ——– d—–w- c:\documents and settings\All Users.WINDOWS\Application Data\Islands
  2010-02-28 08:23 . 2009-06-16 17:28 46592 —-a-w- c:\windows\system32\drivers\fetnd5bv.sys
  2010-02-28 08:23 . 2006-11-02 06:21 319456 —-a-w- c:\windows\system32\difxapi.dll
  2010-02-28 08:23 . 2006-10-27 15:26 69632 —-a-w- c:\windows\system32\vuins32.dll
  2010-02-26 13:02 . 2010-03-06 21:44 ——– d–h–r- c:\documents and settings\Toontje\Onlangs geopend
  2010-02-25 08:14 . 2010-02-25 08:20 ——– d—–w- c:\windows\SxsCaPendDel
  2010-02-22 12:27 . 2010-03-01 20:46 ——– d—–w- c:\documents and settings\Toontje\Application Data\uTorrent
  2010-02-22 12:27 . 2010-02-22 12:27 ——– d—–w- c:\program files\uTorrent
  2010-02-21 10:26 . 2010-02-21 10:26 35363 —-a-w- c:\windows\system32\windrvNT.sys
  2010-02-21 10:26 . 2010-02-21 10:26 53248 —-a-w- c:\windows\system32\suppdll.dll
  2010-02-21 10:26 . 2010-02-26 13:02 ——– d—–w- c:\program files\Folder Lock
  2010-02-21 10:14 . 2010-02-21 10:14 ——– d—–w- c:\program files\Common Files\Everstrike Software
  2010-02-20 09:23 . 2010-02-20 09:23 ——– d—–w- c:\documents and settings\All Users.WINDOWS\Application Data\Kristanix Games
  2010-02-16 07:43 . 2010-02-16 07:43 ——– d—–w- c:\documents and settings\All Users.WINDOWS\Application Data\Rumbic Studio
  2010-02-12 20:09 . 2010-02-12 20:09 ——– d—–w- c:\documents and settings\Beatje\Application Data\Awem
  2010-02-12 19:55 . 2010-02-12 19:55 ——– d—–w- c:\documents and settings\Beatje\Application Data\TheFixerUpper
  2010-02-09 19:00 . 2010-02-09 19:25 ——– d—–w- c:\documents and settings\All Users.WINDOWS\Application Data\FarmFrenzy3_America
  2010-02-06 13:16 . 2010-02-24 09:27 ——– d—–w- c:\program files\MP3Gain

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2010-03-06 22:20 . 2005-08-22 15:23 ——– d—–w- c:\documents and settings\Toontje\Application Data\MailWasherPro
  2010-03-06 22:19 . 2007-05-09 12:32 13440 —-a-w- c:\windows\system32\drivers\USBCRFT.SYS
  2010-03-06 22:15 . 2010-03-06 22:17 1807872 —-a-w- c:\windows\Internet Logs\xDB57.tmp
  2010-03-06 19:54 . 2010-01-16 08:27 2218463 —-a-w- c:\windows\Internet Logs\tvDebug.Zip
  2010-03-06 15:20 . 2008-11-25 21:28 ——– d—–w- c:\documents and settings\Toontje\Application Data\LimeWire
  2010-03-06 12:02 . 2006-05-16 19:37 ——– d—–w- c:\documents and settings\Beatje\Application Data\MailWasherPro
  2010-03-06 11:27 . 2007-03-22 19:42 ——– d—a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
  2010-03-05 22:09 . 2010-03-06 06:41 133120 —-a-w- c:\windows\Internet Logs\xDB56.tmp
  2010-03-05 22:09 . 2008-05-14 18:56 ——– d—–w- c:\documents and settings\Toontje\Application Data\Orbit
  2010-03-03 21:39 . 2010-03-04 07:04 85504 —-a-w- c:\windows\Internet Logs\xDB54.tmp
  2010-03-03 21:39 . 2010-03-04 07:04 1798656 —-a-w- c:\windows\Internet Logs\xDB55.tmp
  2010-03-03 13:46 . 2005-10-14 16:44 ——– d—–w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
  2010-03-03 13:46 . 2005-08-22 16:57 ——– d—–w- c:\documents and settings\Beatje\Application Data\PlayFirst
  2010-03-03 12:46 . 2004-05-10 16:25 ——– d—–w- c:\program files\Shockwave.com
  2010-03-02 12:57 . 2010-03-02 15:49 1792000 —-a-w- c:\windows\Internet Logs\xDB53.tmp
  2010-03-02 12:57 . 2010-03-02 15:49 47616 —-a-w- c:\windows\Internet Logs\xDB52.tmp
  2010-03-02 12:40 . 2008-08-20 14:18 ——– d—–w- c:\documents and settings\Beatje\Application Data\Alawar
  2010-03-01 21:33 . 2010-03-01 21:36 1787392 —-a-w- c:\windows\Internet Logs\xDB51.tmp
  2010-03-01 21:33 . 2010-03-01 21:36 152576 —-a-w- c:\windows\Internet Logs\xDB50.tmp
  2010-03-01 06:10 . 2010-03-01 14:02 71168 —-a-w- c:\windows\Internet Logs\xDB4E.tmp
  2010-03-01 06:10 . 2010-03-01 14:02 1786880 —-a-w- c:\windows\Internet Logs\xDB4F.tmp
  2010-02-28 08:52 . 2010-02-28 09:19 209408 —-a-w- c:\windows\Internet Logs\xDB4C.tmp
  2010-02-28 08:52 . 2010-02-28 09:19 1783808 —-a-w- c:\windows\Internet Logs\xDB4D.tmp
  2010-02-27 23:24 . 2010-02-27 23:28 1783296 —-a-w- c:\windows\Internet Logs\xDB4B.tmp
  2010-02-26 22:36 . 2010-02-27 08:42 217088 —-a-w- c:\windows\Internet Logs\xDB49.tmp
  2010-02-26 22:36 . 2010-02-27 08:42 1782272 —-a-w- c:\windows\Internet Logs\xDB4A.tmp
  2010-02-25 21:30 . 2010-02-26 08:02 1781760 —-a-w- c:\windows\Internet Logs\xDB48.tmp
  2010-02-25 20:21 . 2010-02-25 20:27 1781248 —-a-w- c:\windows\Internet Logs\xDB47.tmp
  2010-02-25 20:21 . 2010-02-25 20:27 336384 —-a-w- c:\windows\Internet Logs\xDB46.tmp
  2010-02-25 08:25 . 2009-01-06 20:51 ——– d—–w- c:\program files\Modem Booster
  2010-02-25 08:19 . 2010-02-25 08:21 494080 —-a-w- c:\windows\Internet Logs\xDB45.tmp
  2010-02-25 08:19 . 2009-12-26 11:17 ——– d—–w- c:\program files\DAEMON Tools Pro
  2010-02-24 21:58 . 2010-02-25 08:03 1773056 —-a-w- c:\windows\Internet Logs\xDB44.tmp
  2010-02-23 23:50 . 2010-02-24 08:18 125440 —-a-w- c:\windows\Internet Logs\xDB43.tmp
  2010-02-22 22:25 . 2010-02-23 08:34 504832 —-a-w- c:\windows\Internet Logs\xDB42.tmp
  2010-02-22 10:44 . 2010-02-22 10:48 55296 —-a-w- c:\windows\Internet Logs\xDB41.tmp
  2010-02-21 21:47 . 2010-02-22 08:49 1767936 —-a-w- c:\windows\Internet Logs\xDB40.tmp
  2010-02-21 21:47 . 2010-02-22 08:49 87040 —-a-w- c:\windows\Internet Logs\xDB3F.tmp
  2010-02-21 10:18 . 2010-02-21 10:19 68608 —-a-w- c:\windows\Internet Logs\xDB3D.tmp
  2010-02-21 10:18 . 2010-02-21 10:19 1767424 —-a-w- c:\windows\Internet Logs\xDB3E.tmp
  2010-02-20 21:50 . 2010-02-21 07:29 1765888 —-a-w- c:\windows\Internet Logs\xDB3C.tmp
  2010-02-20 21:50 . 2010-02-21 07:29 72192 —-a-w- c:\windows\Internet Logs\xDB3B.tmp
  2010-02-19 21:44 . 2010-02-20 08:10 1763840 —-a-w- c:\windows\Internet Logs\xDB3A.tmp
  2010-02-19 21:44 . 2010-02-20 08:10 86016 —-a-w- c:\windows\Internet Logs\xDB39.tmp
  2010-02-18 21:13 . 2010-02-19 05:54 1762816 —-a-w- c:\windows\Internet Logs\xDB38.tmp
  2010-02-18 21:12 . 2010-02-19 05:54 94208 —-a-w- c:\windows\Internet Logs\xDB37.tmp
  2010-02-17 21:19 . 2010-02-18 06:09 109568 —-a-w- c:\windows\Internet Logs\xDB36.tmp
  2010-02-17 12:34 . 2009-02-06 10:13 ——– d—–w- c:\documents and settings\Beatje\Application Data\World-LooM
  2010-02-16 21:28 . 2010-02-17 07:03 251904 —-a-w- c:\windows\Internet Logs\xDB34.tmp
  2010-02-16 21:28 . 2010-02-17 07:03 1757696 —-a-w- c:\windows\Internet Logs\xDB35.tmp
  2010-02-15 21:57 . 2010-02-16 07:07 1751552 —-a-w- c:\windows\Internet Logs\xDB33.tmp
  2010-02-14 21:26 . 2005-08-21 14:00 ——– d—–w- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
  2010-02-14 10:22 . 2010-02-14 10:26 230912 —-a-w- c:\windows\Internet Logs\xDB31.tmp
  2010-02-14 10:22 . 2010-02-14 10:26 1748480 —-a-w- c:\windows\Internet Logs\xDB32.tmp
  2010-02-13 20:35 . 2010-02-14 07:23 1747968 —-a-w- c:\windows\Internet Logs\xDB30.tmp
  2010-02-13 09:41 . 2010-02-13 09:46 70144 —-a-w- c:\windows\Internet Logs\xDB2F.tmp
  2010-02-12 21:49 . 2010-02-13 08:13 448512 —-a-w- c:\windows\Internet Logs\xDB2D.tmp
  2010-02-12 21:49 . 2010-02-13 08:13 1745920 —-a-w- c:\windows\Internet Logs\xDB2E.tmp
  2010-02-11 21:35 . 2010-02-12 06:07 1740288 —-a-w- c:\windows\Internet Logs\xDB2C.tmp
  2010-02-10 21:45 . 2010-02-11 06:03 1739264 —-a-w- c:\windows\Internet Logs\xDB2B.tmp
  2010-02-10 21:45 . 2010-02-11 06:03 73728 —-a-w- c:\windows\Internet Logs\xDB2A.tmp
  2010-02-10 17:36 . 2009-03-12 14:45 ——– d—–w- c:\documents and settings\Beatje\Application Data\Boomzap
  2010-02-10 06:09 . 2010-02-10 13:04 19968 —-a-w- c:\windows\Internet Logs\xDB29.tmp
  2010-02-09 21:09 . 2010-02-10 06:07 559616 —-a-w- c:\windows\Internet Logs\xDB27.tmp
  2010-02-09 21:09 . 2010-02-10 06:07 1736192 —-a-w- c:\windows\Internet Logs\xDB28.tmp
  2010-02-09 17:44 . 2009-09-23 17:55 ——– d—–w- c:\documents and settings\Beatje\Application Data\Merscom
  2010-02-09 17:44 . 2009-06-29 11:41 ——– d—–w- c:\documents and settings\All Users.WINDOWS\Application Data\Merscom
  2010-02-09 12:16 . 2008-06-24 15:38 ——– d—–w- c:\documents and settings\Beatje\Application Data\MysteryStudio
  2010-02-09 07:40 . 2010-02-09 12:15 1726976 —-a-w- c:\windows\Internet Logs\xDB26.tmp
  2010-02-09 07:40 . 2010-02-09 12:15 341504 —-a-w- c:\windows\Internet Logs\xDB25.tmp
  2010-02-07 22:04 . 2010-02-08 14:21 1420800 —-a-w- c:\windows\Internet Logs\xDB24.tmp
  2010-02-06 21:26 . 2010-02-07 08:21 1719296 —-a-w- c:\windows\Internet Logs\xDB23.tmp
  2010-02-06 21:26 . 2010-02-07 08:21 589824 —-a-w- c:\windows\Internet Logs\xDB22.tmp
  2010-02-06 09:19 . 2010-02-06 09:23 194560 —-a-w- c:\windows\Internet Logs\xDB21.tmp
  2010-02-06 07:28 . 2009-12-28 22:49 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
  2010-02-05 21:16 . 2010-02-06 07:04 1715200 —-a-w- c:\windows\Internet Logs\xDB20.tmp
  2010-02-04 21:49 . 2010-02-05 06:01 84480 —-a-w- c:\windows\Internet Logs\xDB1E.tmp
  2010-02-04 21:49 . 2010-02-05 06:01 1712640 —-a-w- c:\windows\Internet Logs\xDB1F.tmp
  2010-02-03 22:04 . 2010-02-04 07:02 98816 —-a-w- c:\windows\Internet Logs\xDB1C.tmp
  2010-02-03 22:04 . 2010-02-04 07:02 1710080 —-a-w- c:\windows\Internet Logs\xDB1D.tmp
  2010-02-03 21:19 . 2010-02-03 21:19 ——– d—–w- c:\documents and settings\Toontje\Application Data\VitySoft
  2010-02-02 21:25 . 2010-02-03 06:08 620032 —-a-w- c:\windows\Internet Logs\xDB1A.tmp
  2010-02-02 21:25 . 2010-02-03 06:08 1705984 —-a-w- c:\windows\Internet Logs\xDB1B.tmp
  2010-01-31 22:01 . 2010-02-01 07:12 1698304 —-a-w- c:\windows\Internet Logs\xDB19.tmp
  2010-01-31 22:01 . 2010-02-01 07:12 2250240 —-a-w- c:\windows\Internet Logs\xDB18.tmp
  2010-01-31 13:27 . 2010-01-31 11:39 49 —-a-w- c:\windows\OH4WIN.REG
  2010-01-31 11:40 . 2010-01-31 11:39 ——– d—–w- c:\program files\Overhoor
  2010-01-30 21:59 . 2010-01-31 08:33 1694720 —-a-w- c:\windows\Internet Logs\xDB17.tmp
  2010-01-29 22:07 . 2010-01-30 08:37 1685504 —-a-w- c:\windows\Internet Logs\xDB16.tmp
  2010-01-29 22:06 . 2010-01-30 08:37 410112 —-a-w- c:\windows\Internet Logs\xDB15.tmp
  2010-01-29 08:45 . 2010-01-29 08:48 41984 —-a-w- c:\windows\Internet Logs\xDB13.tmp
  2010-01-29 08:45 . 2010-01-29 08:48 1682432 —-a-w- c:\windows\Internet Logs\xDB14.tmp
  2010-01-28 21:26 . 2010-01-29 06:02 1681408 —-a-w- c:\windows\Internet Logs\xDB12.tmp
  2010-01-28 21:26 . 2010-01-29 06:02 507904 —-a-w- c:\windows\Internet Logs\xDB11.tmp
  2010-01-28 16:15 . 2005-08-21 16:35 69048 -c–a-w- c:\documents and settings\Beatje\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  2010-01-28 07:33 . 2010-01-28 13:11 29696 —-a-w- c:\windows\Internet Logs\xDB10.tmp
  2010-01-27 22:08 . 2010-01-28 07:00 173568 —-a-w- c:\windows\Internet Logs\xDBE.tmp
  2010-01-27 22:08 . 2010-01-28 07:00 1678848 —-a-w- c:\windows\Internet Logs\xDBF.tmp
  2010-01-27 13:27 . 2009-03-20 11:35 ——– d—–w- c:\documents and settings\Beatje\Application Data\EleFun Games
  2010-01-26 21:27 . 2010-01-27 07:03 1670656 —-a-w- c:\windows\Internet Logs\xDBD.tmp
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

  [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
  2009-11-25 12:01 1230080 —-a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

  [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

  [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Active Desktop Calendar"="c:\program files\Active Desktop Calendar\ADC.exe" [2005-08-16 2093056]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Dit"="Dit.exe" [2003-12-29 94208]
  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
  "nwiz"="nwiz.exe" [2009-02-18 1657376]
  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
  "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
  "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
  "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-29 149280]
  "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

  c:\documents and settings\Beatje\Menu Start\Programma's\Opstarten\
  MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2004-5-25 5066240]

  c:\documents and settings\Toontje\Menu Start\Programma's\Opstarten\
  MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2004-5-25 5066240]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
  "DisableClock"= 0 (0x0)

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
  2009-09-03 11:57 11952 —-a-w- c:\windows\system32\avgrsstx.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  2008-10-15 00:04 39792 —-a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
  1998-11-30 16:04 497376 —-a-w- c:\windows\p_981116.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
  2008-04-14 17:03 1695232 ——w- c:\program files\Messenger\msmsgs.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
  2007-03-01 13:57 153136 —-a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
  2004-03-10 15:26 406016 —-a-w- c:\windows\system32\PSDrvCheck.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
  "CTFMON.EXE"=c:\windows\system32\ctfmon.exe
  "scrsss.exe"=scrsss.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
  "scrsss.exe"=scrsss.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
  "DisableMonitoring"=dword:00000001

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  "EnableFirewall"= 0 (0x0)

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "c:\\Program Files\\uTorrent\\utorrent.exe"=
  "c:\\Documents and Settings\\Toontje\\Application Data\\Juniper Networks\\Juniper Citrix Services Client\\dsCitrixProxy.exe"=
  "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
  "c:\\Program Files\\Orbit Downloader 2.1.5\\Orbitdownloader\\orbitdm.exe"=
  "c:\\Program Files\\Orbit Downloader 2.1.5\\Orbitdownloader\\orbitnet.exe"=
  "c:\\WINDOWS\\system32\\java.exe"=
  "c:\\Program Files\\Java\\jre1.5.0_06\\launch4j-tmp\\JDownloader.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
  "c:\\Program Files\\DigiLeen\\Digileen.exe"=
  "c:\\Program Files\\LimeWire\\LimeWire.exe"=
  "c:\\Documents and Settings\\Toontje\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
  "c:\\Documents and Settings\\Toontje\\Application Data\\Juniper Networks\\Setup Client\\JuniperSetupClient.exe"=
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "%windir%\\system32\\sessmgr.exe"=

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "5800:TCP"= 5800:TCP:Vnc server
  "5900:TCP"= 5900:TCP:Vnc Viewer
  "5801:TCP"= 5801:TCP:Vnc viewer 2

  R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26-11-2006 19:43 691696]
  R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26-4-2009 21:18 335240]
  R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26-4-2009 21:18 108552]
  R1 myWIFIzone;myWIFIzone Driver;c:\windows\system32\drivers\myWIFIzone.sys [22-12-2005 21:45 19712]
  R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26-4-2009 21:17 908056]
  R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26-4-2009 21:17 297752]
  R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [9-5-2007 13:32 13440]
  R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [24-8-2005 18:45 24704]
  R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [9-5-2007 13:34 11672]
  R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [19-1-2007 22:05 19928]
  S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [24-9-2007 20:07 1527900]
  S3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [24-8-2005 21:23 380736]
  S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys –> c:\windows\system32\Drivers\vaxscsi.sys [?]
  S3 VICHW00;VICHW00;\??\c:\windows\SYSTEM32\DRIVERS\VICHW00.SYS –> c:\windows\SYSTEM32\DRIVERS\VICHW00.SYS [?]
  .
  Inhoud van de 'Gedeelde Taken' map

  2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

  2005-11-25 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8124556025.job
  - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
  .
  .
  ——- Bijkomende Scan ——-
  .
  uStart Page = hxxp://communities.zeelandnet.nl/data/canada_travelers
  uInternet Connection Wizard,ShellNext = iexplore
  IE: &Download by Orbit - c:\program files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/201
  IE: &Grab video by Orbit - c:\program files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/204
  IE: Do&wnload selected by Orbit - c:\program files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/203
  IE: Down&load all by Orbit - c:\program files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/202
  IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  IE: Save with Download Manager… - c:\program files\J River\Media Jukebox\DMDownload.htm
  Trusted Zone: emergis.nl\portal
  TCP: {1D97C7AD-2923-4914-A86D-5C712DFD3F94} = 192.168.2.1
  TCP: {E731358B-31F0-4267-8B09-40FD5A4B40A5} = 192.168.2.1
  DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://www.shockwave.com/content/joboosgems/sis/AstoundLauncher.cab
  DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
  FF - ProfilePath - c:\documents and settings\Toontje\Application Data\Mozilla\Firefox\Profiles\i5xqazr0.default\
  FF - prefs.js: browser.startup.homepage - hxxp://www.zeelandnet.nl/
  FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
  FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
  FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
  FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
  FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
  FF - plugin: c:\program files\DigiLeen\plugin\NPDigiLeen.dll
  FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
  FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
  FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
  FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
  FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
  FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

  —- FIREFOX POLICIES —-
  FF - user.js: network.http.max-persistent-connections-per-server - 4
  FF - user.js: nglayout.initialpaint.delay - 600
  FF - user.js: content.notify.interval - 600000
  FF - user.js: content.max.tokenizing.time - 1800000
  FF - user.js: content.switch.threshold - 600000
  .

  **************************************************************************

  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2010-03-06 23:19
  Windows 5.1.2600 Service Pack 3 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden:

  **************************************************************************

  Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

  device: opened successfully
  user: MBR read successfully
  called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgh.sys >>UNKNOWN [0x8A471938]<<
  kernel: MBR read successfully
  detected MBR rootkit hooks:
  \Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
  \Driver\ACPI -> ACPI.sys @ 0xf74a2cb8
  \Driver\atapi -> atapi.sys @ 0xba6a4b40
  IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
  ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
  \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
  ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
  user & kernel MBR OK

  **************************************************************************
  .
  ——————— VERGRENDELDE REGISTER SLEUTELS ———————

  [HKEY_USERS\S-1-5-21-1292428093-920026266-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
  @Allowed: (Read) (RestrictedCode)
  @Allowed: (Read) (RestrictedCode)
  .
  ——————— DLLs Geladen Onder Lopende Processen ———————

  - - - - - - - > 'explorer.exe'(3780)
  c:\program files\Active Desktop Calendar\MouseHook.dll
  c:\windows\system32\WPDShServiceObj.dll
  c:\windows\system32\PortableDeviceTypes.dll
  c:\windows\system32\PortableDeviceApi.dll
  .
  ———————— Andere Aktieve Processen ————————
  .
  c:\windows\System32\SCardSvr.exe
  c:\windows\system32\ASTSRV.EXE
  c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
  c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
  c:\program files\Java\jre6\bin\jqs.exe
  c:\windows\system32\nvsvc32.exe
  c:\progra~1\AVG\AVG8\avgrsx.exe
  c:\progra~1\AVG\AVG8\avgnsx.exe
  c:\program files\AVG\AVG8\avgcsrvx.exe
  c:\program files\AVG\AVG8\avgcsrvx.exe
  c:\windows\Dit.exe
  c:\windows\system32\RUNDLL32.EXE
  .
  **************************************************************************
  .
  Voltooingstijd: 2010-03-07 17:20:35 - machine werd herstart
  ComboFix-quarantined-files.txt 2010-03-07 17:20
  ComboFix2.txt 2010-02-24 19:46

  Pre-Run: 34.039.050.240 bytes beschikbaar
  Post-Run: 33.796.612.096 bytes beschikbaar

  - - End Of File - - 5F61BA5D42E5ACBFE1821E15933608FE
 • Hallo Toon,
  Combofix mag nu verwijderd worden:

  • ga daarvoor naar Start - Uitvoeren
  • kopieer en plak hierin het volgende: [b:f7cd3830e2]Combofix /Uninstall[/b:f7cd3830e2]
  • klik daarna op [b:f7cd3830e2]OK[/b:f7cd3830e2].
  • indien het goed is, krijg je vervolgens een melding, dat Combofix verwijderd werd.

  Voorbeeld:

  [img:f7cd3830e2]http://home.kpn.nl/stefsmeenk/CFUninstall.PNG[/img:f7cd3830e2]

  Uitvoeren kan ook gestart worden door de toetsencombinatie [img:f7cd3830e2]http://home.kpn.nl/stefsmeenk/W+R.jpg[/img:f7cd3830e2]


  Of Combofix handmatig verwijderen:

  [b:f7cd3830e2]Verwijder dan:[/b:f7cd3830e2]
  • ComboFix.exe
  • C:\combofix.txt
  • C:\ComboFix-quarantined-files.txt
  • C:\ComboFix2.txt
  • C:\ComboFix3.txt
  • etc.etc.
  • de map c:\Qoobox (mits aanwezig)


  [b:f7cd3830e2]Download TFC (klick) naar je bureaublad.[/b:f7cd3830e2]
  N.B.: Gebruikers van Windows Vista en Windows 7 starten het tool middels rechtsklik en daarbij dan kiezend voor Als Administrator uitvoeren!
  • Klik/dubbelklik op [b:f7cd3830e2]TFC.exe[/b:f7cd3830e2] om het programma te starten.
  • Niet schrikken - het tool sluit alle lopende programma's - ergo: verzeker je dus ervan, dat je werk al is opgeslagen!
  • Vervolgens klik je op de knop [b:f7cd3830e2]Start[/b:f7cd3830e2] om de scan te starten. Deze scan kan kort of langer duren, wees geduldig en laat TFC zijn taak doen en wacht to TFC klaaar is.
  • Indien TFC klaar is, dan komt de melding dat de computer opnieu opgestart wordt.
  • Gebeurt het afsluiten niet automatisch, start dan zelf de computer opnieuw op.
  • Noot: TFC vertoont geen log!


  Download [b:f7cd3830e2]CKScanner by askey 127[/b:f7cd3830e2] en sla het op je bueaublad op.

  Vista en Win 7 gebruikers gebruiken dit tool via rechtsklik en kiezen voor Als Administrator uitvoeren.

  • Klik/dubbelklik op [b:f7cd3830e2]CKScanner by askey 127[/b:f7cd3830e2] om het tool te starten en klik op Search for Files.
  • Na een korte tijd, wanneer de zandloper verdwijnt, klik dan op Save List To File
  • Een berichtvenster zal bevestigen dat het dokument is opgelagen.
  • Klik/dubbelklik op de CKFiles.txt snelkoppeling op je bureaublad en kopiëer en plak de inhoud in je volgende post.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.