Questions & Answers

Security & privacy

How can I see what is connecting to the internet

Anonymous
Abraham54
12 replies
  • Hi,

    A quick question about my internet connection.
    My XP PC is connected to a router via a wireless USB stick. An LED on it blinks at the rate of the internet activity.
    This LED is constantly blinking rapidly, even when I have no browser, e-mail or anything like that open.
    My connection is no longer fast either.
    I have already been blocked once by my ISP because I was supposedly sending spam, which I am not aware of, but perhaps it happens automatically.
    Malwarebytes can't find anything. I use AVG as virus scanner and ZoneAlarm as firewall.

    Are there programs that let you see what is making contact with the internet?

    Thanks in advance
  • tdv wrote: "I use AVG as virus scanner and ZoneAlarm as firewall. Are there programs that let you see what is making contact with the internet?"

    Have you already checked in ZoneAlarm which applications have permission to connect to the internet? You could also analyse the network traffic with the application Wireshark.
  • Hello tdv, if your internet provider tells you that you are sending spam, that is not a good thing.

    If you start analysing what the outgoing traffic consists of, you are still left with the original problem.

    If you block certain connections through your firewall, your Windows stays infected and the malware will set up new connections.

    So that is mopping the floor with the tap running.

    That is why it is better to start by posting a HijackThis log.

    • Install HijackThis in the indicated location. Should a backup unexpectedly have to be made, this is only possible from the correct installation location.
    • Then click the button Do a system scan and save a logfile
    • After that, post the contents of the log file.
  • With the freeware version of Netlimiter 2 you can see all outgoing connections. http://www.netlimiter.com/download.php
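
The question in this thread, which program is making the connections, can also be answered without extra tools by reading the output of the built-in `netstat -ano` command. The following is an added example, not part of the original posts: it parses that output and lists which process IDs hold outbound connections to mail port 25, the pattern behind an ISP spam block. The sample output, the PID-to-name map and the threshold of three distinct mail servers are constructed assumptions.

```python
"""Added example: attribute outbound SMTP connections to process IDs.

Input is the text printed by `netstat -ano` on Windows (English locale).
All sample data below is constructed for illustration.
"""
from collections import defaultdict

# Constructed sample output; remote addresses are documentation ranges.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    192.168.2.3:1031       192.0.2.10:80          ESTABLISHED     3120
  TCP    192.168.2.3:1045       203.0.113.25:25        ESTABLISHED     1712
  TCP    192.168.2.3:1046       203.0.113.77:25        SYN_SENT        1712
  TCP    192.168.2.3:1047       198.51.100.4:25        ESTABLISHED     1712
  TCP    192.168.2.3:1048       198.51.100.9:25        TIME_WAIT       0
  TCP    192.168.2.3:1050       192.0.2.25:25          ESTABLISHED     2204
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> image name map (for example read from the PID column
# in Task Manager); the names are hypothetical.
SAMPLE_NAMES = {1712: "example_a.exe", 2204: "msimn.exe", 3120: "firefox.exe"}

# States in which the local process is actively talking to the remote side.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None


def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and odd lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, remote, pid = parts  # UDP rows have no state
            state = ""
        else:
            continue
        if not pid.isdigit():
            continue
        remote_host, remote_port = split_endpoint(remote)
        rows.append({
            "proto": proto,
            "local": local,
            "remote_host": remote_host,
            "remote_port": remote_port,
            "state": state,
            "pid": int(pid),
        })
    return rows


def smtp_talkers(rows, names=None, mail_ports=(25,), threshold=3):
    """Group active outbound mail connections by PID.

    A normal mail client talks to one or two servers; a process that
    reaches `threshold` or more distinct servers is marked suspicious.
    The threshold is an assumption of this example.
    """
    names = names or {}
    hosts_by_pid = defaultdict(set)
    for row in rows:
        if (row["proto"] == "TCP"
                and row["state"] in ACTIVE_STATES
                and row["remote_port"] in mail_ports):
            hosts_by_pid[row["pid"]].add(row["remote_host"])
    report = [
        {
            "pid": pid,
            "name": names.get(pid, "?"),
            "remote_hosts": sorted(hosts),
            "suspicious": len(hosts) >= threshold,
        }
        for pid, hosts in hosts_by_pid.items()
    ]
    # Busiest process first, PID as tie-breaker for stable output.
    report.sort(key=lambda e: (-len(e["remote_hosts"]), e["pid"]))
    return report


if __name__ == "__main__":
    for entry in smtp_talkers(parse_netstat(SAMPLE_NETSTAT), SAMPLE_NAMES):
        flag = "SUSPICIOUS" if entry["suspicious"] else "ok"
        print(entry["pid"], entry["name"], flag, ", ".join(entry["remote_hosts"]))
```

A process flagged here is a lead for further cleanup, not a verdict; as the reply above points out, blocking its connections does not remove the infection.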
  • Good point, Abraham!
    Let's start with the HijackThis log.
    Here it is, and thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:51:59, on 6-3-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ASTSRV.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Active Desktop Calendar\ADC.exe
    C:\Program Files\J River\Media Jukebox\Media Jukebox.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Toontje\Bureaublad\Ongebruikte bureaubladpictogrammen\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://communities.zeelandnet.nl/data/canada_travelers
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager… - C:\Program Files\J River\Media Jukebox\DMDownload.htm
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.emergis.nl/dana/download/wficat9150.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://www.shockwave.com/content/joboosgems/sis/AstoundLauncher.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.emergis.nl/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E731358B-31F0-4267-8B09-40FD5A4B40A5}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 8880 bytes
  • Hello Toon, you have installed HijackThis in the wrong location. HijackThis cannot make backups now!
  • Here is a new HijackThis log.
    I hope it is better this way.
    I will certainly look into Avast. Until now I had AVG and was quite satisfied with it.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:44:34, on 6-3-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ASTSRV.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Active Desktop Calendar\ADC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://communities.zeelandnet.nl/data/canada_travelers
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager… - C:\Program Files\J River\Media Jukebox\DMDownload.htm
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.emergis.nl/dana/download/wficat9150.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://www.shockwave.com/content/joboosgems/sis/AstoundLauncher.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.emergis.nl/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E731358B-31F0-4267-8B09-40FD5A4B40A5}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 8659 bytes
  • Hello Toon, why have you still not modernised the antivirus situation in your Windows!
    That AVG version of yours may still be supported, but it lags behind the other free AVs!

    Download, install and keep using MBAM (CLICK)
    • Right after installation MBAM wants to update its database, so allow that.
    • Also on repeated use: first update MBAM via the Update tab!

    • Start MBAM and choose Snelle Scan (Quick Scan)

    • N.B.: Vista users start MBAM by right-clicking and then choosing Run as administrator.

    • Scanning can take a while, so be patient.
    • When the scan has completed, click the OK button
    • Then click the Bekijk Resultaten (View Results) button to see the results.
    • Make sure that everything is ticked.
    • Next, click: Verwijder geselecteerde (Remove selected).
    • After the removal a log will open and you will be asked to restart the computer.

    • The log is saved automatically by MBAM and you can find it again by clicking the Logs tab in MBAM.

    • If MBAM has difficulty removing certain files it will show a few messages; click OK each time!
    • After that MBAM will ask to restart the computer, so allow the computer to be restarted.

    If the rootkit (TDSS) is present, MBAM will also ask to restart. Do so in that case too.
    MBAM will then scan again after the restart and remove the rootkit.

    After this, post the contents of the following logs:
    • a new HijackThis log
    • MBAM scan log
    Also post an uninstall list:
    • start HijackThis,
    • click the button Open the Misc Tools section,
    • click the button Open Uninstall Manager
    • Click the Save button.
  • My advice: uninstall it completely and switch to Avast 5!
    At the moment it is the best alternative as far as free antivirus is concerned; you will be surprised by the new Avast menu!

    AVG Remover: http://www.avg.com/nl-nl/download-tools

    Hi,

    I am going to give Avast a try. I have to update AVG anyway. However, I don't know which version of the remover I need??
    I have a Medion MD 8083 from 2004.

    This is the Malwarebytes log file:
    Malwarebytes' Anti-Malware 1.44
    Database versie: 3828
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    7-3-2010 12:18:36
    mbam-log-2010-03-07 (12-18-36).txt

    Scan type: Snelle Scan
    Objecten gescand: 205935
    Verstreken tijd: 44 minute(s), 53 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    And this is the HijackThis log file:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:25:48, on 7-3-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ASTSRV.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Active Desktop Calendar\ADC.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Toontje\Bureaublad\Ongebruikte bureaubladpictogrammen\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://communities.zeelandnet.nl/data/canada_travelers
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager… - C:\Program Files\J River\Media Jukebox\DMDownload.htm
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://portal.emergis.nl/dana/download/…dCitrixCab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://www.shockwave.com/content/joboosg…uncher.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.emergis.nl/dana-cached/se…tupSP1.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Junip…Client.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E731358B-31F0-4267-8B09-40FD5A4B40A5}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1D97C7AD-2923-4914-A86D-5C712DFD3F94}: NameServer = 192.168.2.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


    End of file - 8902 bytes

    And this is the uninstall list

    µTorrent
    7-Zip 4.65
    Aangifte inkomstenbelasting 2007
    Aangifte inkomstenbelasting 2008
    Active Desktop Calendar 5.6
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS4
    Adobe Reader 8.1.4
    Adobe Shockwave Player
    Amazing Adventures The Caribbean Secret™
    Apple Software Update
    Ashampoo Burning Studio 9.10
    AVG 8.5
    Aztec Tribe
    Babylonia
    Belkin 54g USB Network Adapter
    Beveiligingsupdate for Windows XP (KB941569)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB968816)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player 11 (KB936782)
    Beveiligingsupdate voor Windows Media Player 11 (KB954154)
    Beveiligingsupdate voor Windows Media Player 9 (KB911565)
    Beveiligingsupdate voor Windows Media Player 9 (KB917734)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB938464)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951066)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951698)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB954211)
    Beveiligingsupdate voor Windows XP (KB954600)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956391)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956841)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB957095)
    Beveiligingsupdate voor Windows XP (KB957097)
    Beveiligingsupdate voor Windows XP (KB958215)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958687)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960714)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961371-v2)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB968537)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB969947)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971486)
    Beveiligingsupdate voor Windows XP (KB971557)
    Beveiligingsupdate voor Windows XP (KB971633)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB971961)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973354)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973525)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974455)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB976325)
    Beveiligingsupdate voor Windows XP (KB977165)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978251)
    Beveiligingsupdate voor Windows XP (KB978262)
    Beveiligingsupdate voor Windows XP (KB978706)
    Big City Adventure™: New York City
    Big City Adventure™: Vancouver
    Born Into Darkness
    C-Media WDM Audio Driver
    Compatibility Pack for the 2007 Office system
    Cradle of Persia
    DigiLeen 1.1
    DVD Shrink 3.2
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
    Easy Taalcursus Italiaans
    Escape the Museum 2
    Fiona Finch and the Finest Flowers
    Firebird SQL Server - MAGIX Edition 2.0.0.1 (US)
    Fishdom: Spooky Splash™
    Gotcha: Celebrity Secrets™
    Heroes of Hellas 2: Olympia
    Hidato™ Adventures
    Hide and Secret 3: Pharaoh's Quest
    HijackThis 2.0.2
    Hollywood FX Pack 26 - Extra FX
    Hostile Makeover
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix voor Windows Media Player 11 (KB939683)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB970653-v3)
    Hotfix voor Windows XP (KB976098-v2)
    Hotfix voor Windows XP (KB979306)
    hp psc 2100 series
    HP-software voor foto- en beeldbewerking 2.0 - All-in-One
    HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma
    HP-software voor foto- en beeldbewerking 2.0 - HP psc 2100
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 17
    Jojo's Fashion Show World Tour
    Juniper Networks Setup Client Activex Control
    Kindgebonden budget 2009
    K-Lite Mega Codec Pack 1.63
    Kuros™
    LimeWire PRO 4.16.2
    Little Shop - World Traveler
    MAGIX music cleaning lab 2003 deLuxe
    MailWasher Pro
    Malwarebytes' Anti-Malware
    Mary Kay Andrews: The Fixer Upper
    Media Jukebox 8.0
    Medion Flash XL 2.0
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Language Pack - NLD
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Access Runtime (Dutch) 2007
    Microsoft Office Professional Editie 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Million Dollar Quest
    Mozilla Firefox (3.0.18)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Murder, She Wrote
    Music Library
    Mysterious Worlds: The Secret of Oak Island
    Mystery Masterpiece™: The Moonstone
    Nancy Drew®: Ransom of the Seven Ships
    Nero 8
    neroxml
    NewsLeecher v3.9 Beta 4
    NHI_IT_Cursist
    NVIDIA Drivers
    OpenAL
    Orbit
    Overhoor voor Windows 4.5.1
    Paddington
    PDF-XChange 2.5 Driver Install
    Pinnacle Hollywood FX for Studio

    PIXresizer 2.0.0
    PowerCinema 2.5
    QuickTime
    Sandlot Games Client Services
    Sandlot Games Client Services 1.2.2
    Shaman Odyssey: Tropic Adventure
    SmartSound Quicktracks Plugin
    Studio 9
    Switch
    The Village Mage: Spellbinder
    Torrent Harvester
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB955839)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    Update voor Windows XP (KB978207)
    VCRedistSetup
    VIA Rhine-Family Fast-Ethernet Adapter
    Virtual City
    VU Leerling
    W83L518D
    Wash N' Go 2.4.3.1 (remove only)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Wizard Land
    Wolters-Noordhoff Netwerk/Wizzkit 2 havo vwo
    XP Codec Pack
    ZoneAlarm
  • Hello Toon, you can simply use the most recent removal tool from AVG!


    MBAM found nothing, which actually surprises me.

    Let Combofix scan your Windows (click).

    How to use Combofix properly (click)

    Addition: to be able to use Combofix, the following applies:
  • This should be it then. It looks like things are going a lot better, because the internet connection is a lot faster, my HDD is no longer constantly rattling, and the LED on my wireless USB stick now only blinks occasionally.
    Oh yes, I haven't gotten around to Avast yet, but I will do it!

    ComboFix 10-03-07.01 - Toontje 07-03-2010 16:52:44.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.1004 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Toontje\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Toontje\Bureaublad\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    FILE ::
    "c:\windows\system32\drivers\mxxcg.sys"
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\mxxcg.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CUSBOHCN
    -------\Legacy_LMIRFSCLIENTNP
    -------\Legacy_MXXCG
    -------\Service_cusbohcn
    -------\Service_LMIRfsClientNP
    -------\Service_mxxcg


    (((((((((((((((((((( Bestanden Gemaakt van 2010-02-06 to 2010-03-06 ))))))))))))))))))))))))))))))
    .

    2010-03-07 08:34 . 2010-03-07 08:34 -------- d-----w- c:\documents and settings\Beatje\Application Data\1morebee
    2010-03-05 17:23 . 2010-03-05 17:23 -------- d-----w- c:\documents and settings\Beatje\logs
    2010-03-02 12:04 . 2010-03-02 12:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Islands
    2010-02-28 08:23 . 2009-06-16 17:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
    2010-02-28 08:23 . 2006-11-02 06:21 319456 ----a-w- c:\windows\system32\difxapi.dll
    2010-02-28 08:23 . 2006-10-27 15:26 69632 ----a-w- c:\windows\system32\vuins32.dll
    2010-02-26 13:02 . 2010-03-06 21:44 -------- d--h--r- c:\documents and settings\Toontje\Onlangs geopend
    2010-02-25 08:14 . 2010-02-25 08:20 -------- d-----w- c:\windows\SxsCaPendDel
    2010-02-22 12:27 . 2010-03-01 20:46 -------- d-----w- c:\documents and settings\Toontje\Application Data\uTorrent
    2010-02-22 12:27 . 2010-02-22 12:27 -------- d-----w- c:\program files\uTorrent
    2010-02-21 10:26 . 2010-02-21 10:26 35363 ----a-w- c:\windows\system32\windrvNT.sys
    2010-02-21 10:26 . 2010-02-21 10:26 53248 ----a-w- c:\windows\system32\suppdll.dll
    2010-02-21 10:26 . 2010-02-26 13:02 -------- d-----w- c:\program files\Folder Lock
    2010-02-21 10:14 . 2010-02-21 10:14 -------- d-----w- c:\program files\Common Files\Everstrike Software
    2010-02-20 09:23 . 2010-02-20 09:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kristanix Games
    2010-02-16 07:43 . 2010-02-16 07:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Rumbic Studio
    2010-02-12 20:09 . 2010-02-12 20:09 -------- d-----w- c:\documents and settings\Beatje\Application Data\Awem
    2010-02-12 19:55 . 2010-02-12 19:55 -------- d-----w- c:\documents and settings\Beatje\Application Data\TheFixerUpper
    2010-02-09 19:00 . 2010-02-09 19:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FarmFrenzy3_America
    2010-02-06 13:16 . 2010-02-24 09:27 -------- d-----w- c:\program files\MP3Gain

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-06 22:20 . 2005-08-22 15:23 -------- d-----w- c:\documents and settings\Toontje\Application Data\MailWasherPro
    2010-03-06 22:19 . 2007-05-09 12:32 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
    2010-03-06 22:15 . 2010-03-06 22:17 1807872 ----a-w- c:\windows\Internet Logs\xDB57.tmp
    2010-03-06 19:54 . 2010-01-16 08:27 2218463 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-03-06 15:20 . 2008-11-25 21:28 -------- d-----w- c:\documents and settings\Toontje\Application Data\LimeWire
    2010-03-06 12:02 . 2006-05-16 19:37 -------- d-----w- c:\documents and settings\Beatje\Application Data\MailWasherPro
    2010-03-06 11:27 . 2007-03-22 19:42 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2010-03-05 22:09 . 2010-03-06 06:41 133120 ----a-w- c:\windows\Internet Logs\xDB56.tmp
    2010-03-05 22:09 . 2008-05-14 18:56 -------- d-----w- c:\documents and settings\Toontje\Application Data\Orbit
    2010-03-03 21:39 . 2010-03-04 07:04 85504 ----a-w- c:\windows\Internet Logs\xDB54.tmp
    2010-03-03 21:39 . 2010-03-04 07:04 1798656 ----a-w- c:\windows\Internet Logs\xDB55.tmp
    2010-03-03 13:46 . 2005-10-14 16:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
    2010-03-03 13:46 . 2005-08-22 16:57 -------- d-----w- c:\documents and settings\Beatje\Application Data\PlayFirst
    2010-03-03 12:46 . 2004-05-10 16:25 -------- d-----w- c:\program files\Shockwave.com
    2010-03-02 12:57 . 2010-03-02 15:49 1792000 ----a-w- c:\windows\Internet Logs\xDB53.tmp
    2010-03-02 12:57 . 2010-03-02 15:49 47616 ----a-w- c:\windows\Internet Logs\xDB52.tmp
    2010-03-02 12:40 . 2008-08-20 14:18 -------- d-----w- c:\documents and settings\Beatje\Application Data\Alawar
    2010-03-01 21:33 . 2010-03-01 21:36 1787392 ----a-w- c:\windows\Internet Logs\xDB51.tmp
    2010-03-01 21:33 . 2010-03-01 21:36 152576 ----a-w- c:\windows\Internet Logs\xDB50.tmp
    2010-03-01 06:10 . 2010-03-01 14:02 71168 ----a-w- c:\windows\Internet Logs\xDB4E.tmp
    2010-03-01 06:10 . 2010-03-01 14:02 1786880 ----a-w- c:\windows\Internet Logs\xDB4F.tmp
    2010-02-28 08:52 . 2010-02-28 09:19 209408 ----a-w- c:\windows\Internet Logs\xDB4C.tmp
    2010-02-28 08:52 . 2010-02-28 09:19 1783808 ----a-w- c:\windows\Internet Logs\xDB4D.tmp
    2010-02-27 23:24 . 2010-02-27 23:28 1783296 ----a-w- c:\windows\Internet Logs\xDB4B.tmp
    2010-02-26 22:36 . 2010-02-27 08:42 217088 ----a-w- c:\windows\Internet Logs\xDB49.tmp
    2010-02-26 22:36 . 2010-02-27 08:42 1782272 ----a-w- c:\windows\Internet Logs\xDB4A.tmp
    2010-02-25 21:30 . 2010-02-26 08:02 1781760 ----a-w- c:\windows\Internet Logs\xDB48.tmp
    2010-02-25 20:21 . 2010-02-25 20:27 1781248 ----a-w- c:\windows\Internet Logs\xDB47.tmp
    2010-02-25 20:21 . 2010-02-25 20:27 336384 ----a-w- c:\windows\Internet Logs\xDB46.tmp
    2010-02-25 08:25 . 2009-01-06 20:51 -------- d-----w- c:\program files\Modem Booster
    2010-02-25 08:19 . 2010-02-25 08:21 494080 ----a-w- c:\windows\Internet Logs\xDB45.tmp
    2010-02-25 08:19 . 2009-12-26 11:17 -------- d-----w- c:\program files\DAEMON Tools Pro
    2010-02-24 21:58 . 2010-02-25 08:03 1773056 ----a-w- c:\windows\Internet Logs\xDB44.tmp
    2010-02-23 23:50 . 2010-02-24 08:18 125440 ----a-w- c:\windows\Internet Logs\xDB43.tmp
    2010-02-22 22:25 . 2010-02-23 08:34 504832 ----a-w- c:\windows\Internet Logs\xDB42.tmp
    2010-02-22 10:44 . 2010-02-22 10:48 55296 ----a-w- c:\windows\Internet Logs\xDB41.tmp
    2010-02-21 21:47 . 2010-02-22 08:49 1767936 ----a-w- c:\windows\Internet Logs\xDB40.tmp
    2010-02-21 21:47 . 2010-02-22 08:49 87040 ----a-w- c:\windows\Internet Logs\xDB3F.tmp
    2010-02-21 10:18 . 2010-02-21 10:19 68608 ----a-w- c:\windows\Internet Logs\xDB3D.tmp
    2010-02-21 10:18 . 2010-02-21 10:19 1767424 ----a-w- c:\windows\Internet Logs\xDB3E.tmp
    2010-02-20 21:50 . 2010-02-21 07:29 1765888 ----a-w- c:\windows\Internet Logs\xDB3C.tmp
    2010-02-20 21:50 . 2010-02-21 07:29 72192 ----a-w- c:\windows\Internet Logs\xDB3B.tmp
    2010-02-19 21:44 . 2010-02-20 08:10 1763840 ----a-w- c:\windows\Internet Logs\xDB3A.tmp
    2010-02-19 21:44 . 2010-02-20 08:10 86016 ----a-w- c:\windows\Internet Logs\xDB39.tmp
    2010-02-18 21:13 . 2010-02-19 05:54 1762816 ----a-w- c:\windows\Internet Logs\xDB38.tmp
    2010-02-18 21:12 . 2010-02-19 05:54 94208 ----a-w- c:\windows\Internet Logs\xDB37.tmp
    2010-02-17 21:19 . 2010-02-18 06:09 109568 ----a-w- c:\windows\Internet Logs\xDB36.tmp
    2010-02-17 12:34 . 2009-02-06 10:13 -------- d-----w- c:\documents and settings\Beatje\Application Data\World-LooM
    2010-02-16 21:28 . 2010-02-17 07:03 251904 ----a-w- c:\windows\Internet Logs\xDB34.tmp
    2010-02-16 21:28 . 2010-02-17 07:03 1757696 ----a-w- c:\windows\Internet Logs\xDB35.tmp
    2010-02-15 21:57 . 2010-02-16 07:07 1751552 ----a-w- c:\windows\Internet Logs\xDB33.tmp
    2010-02-14 21:26 . 2005-08-21 14:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
    2010-02-14 10:22 . 2010-02-14 10:26 230912 ----a-w- c:\windows\Internet Logs\xDB31.tmp
    2010-02-14 10:22 . 2010-02-14 10:26 1748480 ----a-w- c:\windows\Internet Logs\xDB32.tmp
    2010-02-13 20:35 . 2010-02-14 07:23 1747968 ----a-w- c:\windows\Internet Logs\xDB30.tmp
    2010-02-13 09:41 . 2010-02-13 09:46 70144 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
    2010-02-12 21:49 . 2010-02-13 08:13 448512 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
    2010-02-12 21:49 . 2010-02-13 08:13 1745920 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
    2010-02-11 21:35 . 2010-02-12 06:07 1740288 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
    2010-02-10 21:45 . 2010-02-11 06:03 1739264 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
    2010-02-10 21:45 . 2010-02-11 06:03 73728 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
    2010-02-10 17:36 . 2009-03-12 14:45 -------- d-----w- c:\documents and settings\Beatje\Application Data\Boomzap
    2010-02-10 06:09 . 2010-02-10 13:04 19968 ----a-w- c:\windows\Internet Logs\xDB29.tmp
    2010-02-09 21:09 . 2010-02-10 06:07 559616 ----a-w- c:\windows\Internet Logs\xDB27.tmp
    2010-02-09 21:09 . 2010-02-10 06:07 1736192 ----a-w- c:\windows\Internet Logs\xDB28.tmp
    2010-02-09 17:44 . 2009-09-23 17:55 -------- d-----w- c:\documents and settings\Beatje\Application Data\Merscom
    2010-02-09 17:44 . 2009-06-29 11:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Merscom
    2010-02-09 12:16 . 2008-06-24 15:38 -------- d-----w- c:\documents and settings\Beatje\Application Data\MysteryStudio
    2010-02-09 07:40 . 2010-02-09 12:15 1726976 ----a-w- c:\windows\Internet Logs\xDB26.tmp
    2010-02-09 07:40 . 2010-02-09 12:15 341504 ----a-w- c:\windows\Internet Logs\xDB25.tmp
    2010-02-07 22:04 . 2010-02-08 14:21 1420800 ----a-w- c:\windows\Internet Logs\xDB24.tmp
    2010-02-06 21:26 . 2010-02-07 08:21 1719296 ----a-w- c:\windows\Internet Logs\xDB23.tmp
    2010-02-06 21:26 . 2010-02-07 08:21 589824 ----a-w- c:\windows\Internet Logs\xDB22.tmp
    2010-02-06 09:19 . 2010-02-06 09:23 194560 ----a-w- c:\windows\Internet Logs\xDB21.tmp
    2010-02-06 07:28 . 2009-12-28 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-05 21:16 . 2010-02-06 07:04 1715200 ----a-w- c:\windows\Internet Logs\xDB20.tmp
    2010-02-04 21:49 . 2010-02-05 06:01 84480 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
    2010-02-04 21:49 . 2010-02-05 06:01 1712640 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
    2010-02-03 22:04 . 2010-02-04 07:02 98816 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
    2010-02-03 22:04 . 2010-02-04 07:02 1710080 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
    2010-02-03 21:19 . 2010-02-03 21:19 -------- d-----w- c:\documents and settings\Toontje\Application Data\VitySoft
    2010-02-02 21:25 . 2010-02-03 06:08 620032 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
    2010-02-02 21:25 . 2010-02-03 06:08 1705984 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
    2010-01-31 22:01 . 2010-02-01 07:12 1698304 ----a-w- c:\windows\Internet Logs\xDB19.tmp
    2010-01-31 22:01 . 2010-02-01 07:12 2250240 ----a-w- c:\windows\Internet Logs\xDB18.tmp
    2010-01-31 13:27 . 2010-01-31 11:39 49 ----a-w- c:\windows\OH4WIN.REG
    2010-01-31 11:40 . 2010-01-31 11:39 -------- d-----w- c:\program files\Overhoor
    2010-01-30 21:59 . 2010-01-31 08:33 1694720 ----a-w- c:\windows\Internet Logs\xDB17.tmp
    2010-01-29 22:07 . 2010-01-30 08:37 1685504 ----a-w- c:\windows\Internet Logs\xDB16.tmp
    2010-01-29 22:06 . 2010-01-30 08:37 410112 ----a-w- c:\windows\Internet Logs\xDB15.tmp
    2010-01-29 08:45 . 2010-01-29 08:48 41984 ----a-w- c:\windows\Internet Logs\xDB13.tmp
    2010-01-29 08:45 . 2010-01-29 08:48 1682432 ----a-w- c:\windows\Internet Logs\xDB14.tmp
    2010-01-28 21:26 . 2010-01-29 06:02 1681408 ----a-w- c:\windows\Internet Logs\xDB12.tmp
    2010-01-28 21:26 . 2010-01-29 06:02 507904 ----a-w- c:\windows\Internet Logs\xDB11.tmp
    2010-01-28 16:15 . 2005-08-21 16:35 69048 -c--a-w- c:\documents and settings\Beatje\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-28 07:33 . 2010-01-28 13:11 29696 ----a-w- c:\windows\Internet Logs\xDB10.tmp
    2010-01-27 22:08 . 2010-01-28 07:00 173568 ----a-w- c:\windows\Internet Logs\xDBE.tmp
    2010-01-27 22:08 . 2010-01-28 07:00 1678848 ----a-w- c:\windows\Internet Logs\xDBF.tmp
    2010-01-27 13:27 . 2009-03-20 11:35 -------- d-----w- c:\documents and settings\Beatje\Application Data\EleFun Games
    2010-01-26 21:27 . 2010-01-27 07:03 1670656 ----a-w- c:\windows\Internet Logs\xDBD.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Active Desktop Calendar"="c:\program files\Active Desktop Calendar\ADC.exe" [2005-08-16 2093056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dit"="Dit.exe" [2003-12-29 94208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
    "nwiz"="nwiz.exe" [2009-02-18 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-29 149280]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Beatje\Menu Start\Programma's\Opstarten\
    MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2004-5-25 5066240]

    c:\documents and settings\Toontje\Menu Start\Programma's\Opstarten\
    MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2004-5-25 5066240]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-09-03 11:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    1998-11-30 16:04 497376 ----a-w- c:\windows\p_981116.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2004-03-10 15:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=c:\windows\system32\ctfmon.exe
    "scrsss.exe"=scrsss.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "scrsss.exe"=scrsss.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\utorrent.exe"=
    "c:\\Documents and Settings\\Toontje\\Application Data\\Juniper Networks\\Juniper Citrix Services Client\\dsCitrixProxy.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Orbit Downloader 2.1.5\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbit Downloader 2.1.5\\Orbitdownloader\\orbitnet.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_06\\launch4j-tmp\\JDownloader.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\DigiLeen\\Digileen.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Documents and Settings\\Toontje\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Documents and Settings\\Toontje\\Application Data\\Juniper Networks\\Setup Client\\JuniperSetupClient.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5800:TCP"= 5800:TCP:Vnc server
    "5900:TCP"= 5900:TCP:Vnc Viewer
    "5801:TCP"= 5801:TCP:Vnc viewer 2

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26-11-2006 19:43 691696]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26-4-2009 21:18 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26-4-2009 21:18 108552]
    R1 myWIFIzone;myWIFIzone Driver;c:\windows\system32\drivers\myWIFIzone.sys [22-12-2005 21:45 19712]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26-4-2009 21:17 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26-4-2009 21:17 297752]
    R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [9-5-2007 13:32 13440]
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [24-8-2005 18:45 24704]
    R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [9-5-2007 13:34 11672]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [19-1-2007 22:05 19928]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [24-9-2007 20:07 1527900]
    S3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [24-8-2005 21:23 380736]
    S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
    S3 VICHW00;VICHW00;\??\c:\windows\SYSTEM32\DRIVERS\VICHW00.SYS --> c:\windows\SYSTEM32\DRIVERS\VICHW00.SYS [?]
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2005-11-25 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8124556025.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://communities.zeelandnet.nl/data/canada_travelers
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &Download by Orbit - c:\program files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbit Downloader 2.1.5\Orbitdownloader\orbitmxt.dll/202
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Save with Download Manager… - c:\program files\J River\Media Jukebox\DMDownload.htm
    Trusted Zone: emergis.nl\portal
    TCP: {1D97C7AD-2923-4914-A86D-5C712DFD3F94} = 192.168.2.1
    TCP: {E731358B-31F0-4267-8B09-40FD5A4B40A5} = 192.168.2.1
    DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://www.shockwave.com/content/joboosgems/sis/AstoundLauncher.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    FF - ProfilePath - c:\documents and settings\Toontje\Application Data\Mozilla\Firefox\Profiles\i5xqazr0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.zeelandnet.nl/
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\DigiLeen\plugin\NPDigiLeen.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    —- FIREFOX POLICIES —-
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-06 23:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden:

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgh.sys >>UNKNOWN [0x8A471938]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
    \Driver\ACPI -> ACPI.sys @ 0xf74a2cb8
    \Driver\atapi -> atapi.sys @ 0xba6a4b40
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
    ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
    ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
    user & kernel MBR OK

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_USERS\S-1-5-21-1292428093-920026266-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'explorer.exe'(3780)
    c:\program files\Active Desktop Calendar\MouseHook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\System32\SCardSvr.exe
    c:\windows\system32\ASTSRV.EXE
    c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
    c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\Dit.exe
    c:\windows\system32\RUNDLL32.EXE
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-03-07 17:20:35 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-03-07 17:20
    ComboFix2.txt 2010-02-24 19:46

    Pre-Run: 34.039.050.240 bytes beschikbaar
    Post-Run: 33.796.612.096 bytes beschikbaar

    - - End Of File - - 5F61BA5D42E5ACBFE1821E15933608FE
  • Hello Toon,
    ComboFix can now be removed:

    • go to Start - Run (Uitvoeren)
    • copy and paste the following into it: Combofix /Uninstall
    • then click OK.
    • if all goes well, you will then get a message that ComboFix has been removed.

    Example:

    http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

    Run (Uitvoeren) can also be opened with the key combination shown in this image: http://home.kpn.nl/stefsmeenk/W+R.jpg


    Or remove ComboFix manually:

    In that case, delete:
    • ComboFix.exe
    • C:\combofix.txt
    • C:\ComboFix-quarantined-files.txt
    • C:\ComboFix2.txt
    • C:\ComboFix3.txt
    • etc., etc.
    • the folder c:\Qoobox (if present)


    Download TFC (click) to your desktop.
    N.B.: Users of Windows Vista and Windows 7 start the tool by right-clicking it and choosing Run as administrator (Als Administrator uitvoeren)!
    • Click/double-click TFC.exe to start the program.
    • Don't be alarmed - the tool closes all running programs - so make sure your work has already been saved!
    • Then click the Start button to start the scan. This scan may take a short or a longer time; be patient, let TFC do its job, and wait until TFC is finished.
    • When TFC is finished, a message appears that the computer will be restarted.
    • If the shutdown does not happen automatically, restart the computer yourself.
    • Note: TFC does not show a log!


    Download CKScanner by askey 127 and save it to your desktop.

    Vista and Win 7 users run this tool by right-clicking it and choosing Run as administrator (Als Administrator uitvoeren).

    • Click/double-click CKScanner by askey 127 to start the tool and click Search for Files.
    • After a short while, when the hourglass disappears, click Save List To File.
    • A message box will confirm that the document has been saved.
    • Click/double-click the CKFiles.txt shortcut on your desktop and copy and paste its contents into your next post.


This is an archived page. Replying is no longer possible.