PDA

Volledige versie bekijken : Pc geeft popups en gaat enorm traag



woter01
10 januari 2008, 22:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:58, on 10-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\jugs sect.exe
O4 - HKCU\..\Run: [wma comp] C:\DOCUME~1\wouter\APPLIC~1\AMOKBA~1\Gplsign.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\wouter\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178649243218
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://sbs.orbolabels.be/Remote/msrdp.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6266 bytes
merci

Jurgenv1
11 januari 2008, 18:50
Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll omlaag naar : "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Klik op de "Download" knop aan de rechterkant.
Vink aan: "Accept License Agreement".
De pagina zal herladen.
Klik op de link om Windows Offline Installation te downloaden met Meerdere-talen, en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6-windows-i586.exe op je Bureaublad om de nieuwste versie van Java te installeren.

* open hijackthis en vink volgende regels aan indien aanwezig:

O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\jugs sect.exe
O4 - HKCU\..\Run: [wma comp] C:\DOCUME~1\wouter\APPLIC~1\AMOKBA~1\Gplsign.exe

* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'

* Start je computer op in VEILIGE MODUS (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Ga naar Start en klik op Deze computer.
In de menubalk selecteer je Extra en dan Mapopties.
Selecteer de tab Weergave.
Bij Verborgen bestanden en mappen selecteer je Verborgen bestanden en mappen weergeven.
Bij Bestanden en mappen haal je het vinkje weg bij: Beveiligde besturingssysteembestanden verbergen (aanbevolen).
Klik op Ja om dit te bevestigen.
Klik op OK.

* verwijder volgende mappen indien aanwezig:

C:\Documents and Settings\wouter\Application Data\AMOKBA~1 <== de map die begint met de letters 'AMOKBA'
C:\Documents and Settings\All Users\Application Data\Bind army eggs joy

* start je pc weer normaal

* Download dit bestand: Deljob.exe (http://home.hetnet.nl/~stefsmeenk/tools/deljob.exe) (mirror (http://members.lycos.nl/deljob/))
Plaats het op je bureaublad.
Indien je virusscanner de download van deljob.exe blokkeert,
schakel dan tijdelijk je virusscanner uit of download de zip-versie
deljob.zip (http://members.lycos.nl/deljob/deljob.zip) en pak deze uit naar je Bureaublad.
Dubbelklik Deljob.exe.
Een logje(logit.txt) zal openen, het bestandje kan je ook terugvinden op je bureaublad.
Post de inhoud van logit.txt in je volgende bericht.

woter01
22 januari 2008, 20:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:55, on 22-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\program files\common files\protexis\license service\psiservice_2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttach File - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [wma comp] C:\DOCUME~1\wouter\APPLIC~1\AMOKBA~1\Gplsign.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\wouter\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178649243218
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://sbs.orbolabels.be/Remote/msrdp.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6917 bytes
sry dat zo lang duurde

Jurgenv1
22 januari 2008, 20:18
En het logje van deljobs?

woter01
22 januari 2008, 21:11
--------------------------------------------------------
File(s) moved to C:\deljob

AB921ECE9065919A.job
--------------------------------------------------------
Files remaining after cleaning

--------------------------------------------------------
App data folders

De volumenaam van station C is WinXP
Het volumenummer is 4851-A594

Map van C:\Documents and Settings\wouter\Application Data

22-01-2008 21:07 <DIR> .
22-01-2008 21:07 <DIR> ..
16-01-2008 19:48 <DIR> ACT
13-05-2007 10:41 <DIR> Adobe
01-08-2007 18:40 <DIR> APPLEC~1 Apple Computer
06-12-2007 08:32 <DIR> AVG7
22-01-2008 20:56 <DIR> Azureus
05-11-2007 21:30 <DIR> BINARY~1 Binary Fortress Software
14-10-2007 14:58 <DIR> Google
08-05-2007 18:57 <DIR> IDENTI~1 Identities
16-05-2007 12:41 <DIR> INSTAL~1 InstallShield
02-01-2008 14:19 <DIR> INTERA~1 Interact Commerce
16-01-2008 19:56 <DIR> ISOLAT~1 IsolatedStorage
19-01-2008 13:56 <DIR> LimeWire
06-06-2007 18:16 <DIR> MACROM~1 Macromedia
22-08-2007 13:25 <DIR> MICROS~1 Microsoft
10-10-2007 12:44 <DIR> MIXMEI~1 MixMeister Technology
08-05-2007 19:40 <DIR> Mozilla
25-10-2007 21:26 <DIR> MSN6
03-08-2007 21:26 <DIR> MYTUNE~1 MyTunesRSS3
20-07-2007 09:36 <DIR> Nero
22-11-2007 17:28 <DIR> PARTIC~1 Participatory Culture Foundation
14-05-2007 17:40 <DIR> PCSUIT~1 PC Suite
22-11-2007 17:31 <DIR> PCF-VLC
23-07-2007 17:44 <DIR> PETROG~1 Petroglyph
15-07-2007 21:49 <DIR> Real
13-10-2007 12:46 <DIR> REALTI~1 Realtime Soft
19-07-2007 19:14 <DIR> SIMPLE~1 Simple Star
23-11-2007 18:08 <DIR> SMARTD~1 SmartDraw
09-08-2007 21:28 <DIR> SONYER~1 Sony Ericsson
14-05-2007 20:03 <DIR> Sun
08-05-2007 19:41 <DIR> Talkback
09-08-2007 21:29 <DIR> Teleca
16-11-2007 20:01 <DIR> VERZEN~1 Verzendmap van Share-to-Web
13-01-2008 18:20 <DIR> Vso
13-01-2008 20:41 <DIR> yoclient
0 bestand(en) 0 bytes
36 map(pen) 1.032.568.832 bytes beschikbaar
De volumenaam van station C is WinXP
Het volumenummer is 4851-A594

Map van C:\Documents and Settings\All Users\Application Data

22-01-2008 21:08 <DIR> .
22-01-2008 21:08 <DIR> ..
16-01-2008 22:02 <DIR> ACT
10-05-2007 21:38 <DIR> Adobe
08-07-2007 22:32 <DIR> Apple
08-05-2007 19:47 <DIR> APPLEC~1 Apple Computer
22-01-2008 05:46 <DIR> avg7
08-05-2007 19:52 <DIR> Grisoft
26-10-2007 21:36 <DIR> MICROS~1 Microsoft
09-07-2007 10:43 <DIR> MICROS~3 Microsoft Corporation
18-07-2007 10:38 <DIR> MICROS~2 Microsoft Help
16-06-2007 16:59 <DIR> Mindjet
09-05-2007 20:05 <DIR> MSN6
15-12-2007 14:04 <DIR> NCHSWI~1 NCH Swift Sound
24-11-2007 11:10 <DIR> Nero
13-10-2007 12:15 <DIR> NVIDIA
08-05-2007 19:18 <DIR> NVIEW_~1 nView_Profiles
14-05-2007 16:36 <DIR> PCSUIT~1 PC Suite
12-07-2007 10:18 <DIR> Real
25-11-2007 20:10 <DIR> REALTI~1 Realtime Soft
10-01-2008 22:22 <DIR> SPYBOT~1 Spybot - Search & Destroy
13-08-2007 10:38 <DIR> Teleca
06-10-2007 18:21 <DIR> TEMP
13-01-2008 17:25 <DIR> vsosdk
08-05-2007 19:58 <DIR> WINDOW~1 Windows Genuine Advantage
0 bestand(en) 0 bytes
25 map(pen) 1.032.564.736 bytes beschikbaar
--------------------------------------------------------
vergeten

Jurgenv1
23 januari 2008, 12:15
* Open hijackthis en vink volgende regels aan:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttach File - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKCU\..\Run: [wma comp] C:\DOCUME~1\wouter\APPLIC~1\AMOKBA~1\Gplsign.exe

* Sluit dan alle vensters en klik op 'fix checked'

* Post dan een nieuw hijackhis logje hier.

woter01
23 januari 2008, 15:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:56, on 23-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\wouter\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178649243218
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://sbs.orbolabels.be/Remote/msrdp.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5790 bytes

Jurgenv1
23 januari 2008, 15:55
ziet er goed uit, hoe werkt alles verder?

woter01
23 januari 2008, 21:12
eel slecht mijn broer heeft op een link van Zango gedrukt en tis weer beetje zelfde alles blokeert ier en ga heel traag
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:50, on 23-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\wouter\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178649243218
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://sbs.orbolabels.be/Remote/msrdp.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5991 bytes

deze in het vet vraag ik mij af wat het zijn en als het kan mogen die weg op een of andere manier :):p

Jurgenv1
24 januari 2008, 15:20
Download Dr.Web CureIt en plaats het op je bureaublad: cureit.exe (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe).

Dubbelklik op cureit.exe, en klik daarna op Start om het programma een snelle scan te laten uitvoeren.
Deze snelle scan zal de bestanden scannen die momenteel in het geheugen geladen zijn.
Wordt er wat gevonden, dan laat je CureIt dit repareren.
- Verschijnt er een venster met een aanbieding tot kopen met 50% korting, dan klik je deze weg met het kruisje.
Daarna zal het hoofdvenster zichtbaar worden.
- Kies bovenaan in het menu Optie voor Taal en wijzig deze naar Dutch (Nederlands), indien deze anders ingesteld staat.
- In het menu Opties kies je voor Instellingen veranderen (F9).
Op het tabblad "Scan" haal je het vinkje weg bij Heuristic Analyse.
Druk op Toepassen.
Op het tabblad "Bestandstypen" moet bij Scan mode geselecteerd zijn: Alle bestanden.
Op het tabblad "Acties" stel je het volgende in bij Malware:
-Adware: Verplaats
-Dialers: Verplaats
-Jokes: Rapportage
-Riskware: Rapportage
-Hacktools: Verplaats
Nog steeds op het tabblad "Acties" stel je het volgende in bij Objecten:
- Geïnfecteerde objecten: Repareer
- Onrepareerbare: Verplaats
- Verdachte objecten: Rapportage
Haal dan het vinkje weg bij: Prompt bij actie.
Druk op Toepassen.
Druk daarna op OK.
Terug in het hoofdvenster kan je selecteren welke scan je wil uitvoeren.
- Selecteer Volledige scan
Klik op de groene pijl aan de rechterkant om de scan te starten.
Indien de geïnfecteerde bestanden niet kunnen gedesinfecteerd worden, zullen deze verplaatst worden naar de map %userprofile%\DoctorWeb\Quarantine.
- Als de scan klaar is kies je in het menu voor Bestand voor Rapportagelijst opslaan en sla je de log op op je bureaublad.
- Sluit daarna Dr.Web Cureit.

Herstart je computer.
Dit moet je zeker uitvoeren, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen of verwijderen na een herstart.

Als de computer opnieuw gestart is, kopieer en plak je de inhoud van de log die je eerder hebt opgeslagen op je bureaublad, in je volgende post.
Post ook een nieuwe hijackthislog.

woter01
26 januari 2008, 02:57
================================================== ===========================
Dr.Web® Scanner voor Windows v4.44.2 (4.44.2.11261)
© Igor Daniloff, 1992-2007. All rights reserved.
Log gegenereerd op: 2008-01-26, 02:54:00 [PC01][wouter]
Command-lijn: "C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\setup.exe" /lng:nl-cureit.dwl /ini:setup_XP.ini
Besturingssysteem:Windows XP Professional x86 (Build 2600), Service Pack 2
================================================== ===========================
DwShield gestart
Engine versie: 4.44 (4.44.0.09170)
Engine API versie: 2.02
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crwtoday. cdb - 6601 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44423. cdb - 4210 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44422. cdb - 1010 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44421. cdb - 421 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44420. cdb - 1306 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44419. cdb - 1234 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44418. cdb - 1238 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44417. cdb - 4406 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44416. cdb - 7847 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44415. cdb - 6014 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44414. cdb - 804 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44413. cdb - 5020 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44412. cdb - 1565 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44411. cdb - 1582 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44410. cdb - 1131 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44409. cdb - 2303 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44408. cdb - 3904 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44407. cdb - 2456 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44406. cdb - 4411 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44405. cdb - 1311 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44404. cdb - 2486 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44403. cdb - 4462 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44402. cdb - 94 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44401. cdb - 557 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crw44400. cdb - 945 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crwebase. cdb - 209466 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\cwrtoday. cdb - 239 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\cwntoday. cdb - 813 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\cwn44401. cdb - 698 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crwrisky. cdb - 2747 virus lijst
[Virus base] C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\crwnasty. cdb - 13534 virus lijst
Totaal aantal virus definities: 294815
C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\setup.exe gepakt door BINARYRES
Sleutel bestand: C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\setup.key
Licentie sleutel nummer: 0010092936
Geregistreerd aan: Dr.Web CureIt Project
Licentie sleutel activatie: 2007-02-05
Licentie sleutel verloopt: 2010-02-11
Proces in geheugen: System:4 - Ok
Proces in geheugen: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe:212 - Ok
Proces in geheugen: C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe:236 - Ok
Proces in geheugen: C:\Program Files\UltraMon\UltraMon.exe:248 - Ok
Proces in geheugen: \SystemRoot\System32\smss.exe:592 - Ok
Proces in geheugen: \??\C:\WINDOWS\system32\csrss.exe:660 - Ok
Proces in geheugen: \??\C:\WINDOWS\system32\winlogon.exe:688 - Ok
Proces in geheugen: C:\WINDOWS\system32\services.exe:732 - Ok
Proces in geheugen: C:\WINDOWS\system32\lsass.exe:744 - Ok
Proces in geheugen: C:\WINDOWS\system32\svchost.exe:900 - Ok
Proces in geheugen: C:\WINDOWS\system32\svchost.exe:964 - Ok
Proces in geheugen: C:\WINDOWS\System32\svchost.exe:1060 - Ok
Proces in geheugen: C:\WINDOWS\system32\svchost.exe:1092 - Ok
Proces in geheugen: C:\Program Files\UltraMon\UltraMonTaskbar.exe:1172 - Ok
Proces in geheugen: C:\WINDOWS\System32\svchost.exe:1212 - Ok
Proces in geheugen: C:\WINDOWS\System32\svchost.exe:1324 - Ok
Proces in geheugen: C:\WINDOWS\System32\alg.exe:1332 - Ok
Proces in geheugen: C:\WINDOWS\Explorer.EXE:1408 - Ok
Proces in geheugen: C:\WINDOWS\system32\spoolsv.exe:1592 - Ok
Proces in geheugen: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe:1688 - Ok
Proces in geheugen: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe:1704 - Ok
Proces in geheugen: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe:1716 - Ok
Proces in geheugen: C:\WINDOWS\System32\svchost.exe:1876 - Ok
Proces in geheugen: C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe:1984 - Ok
Proces in geheugen: C:\Program Files\Mozilla Firefox\firefox.exe:2128 - Ok
Proces in geheugen: C:\WINDOWS\system32\wuauclt.exe:2276 - Ok
Proces in geheugen: C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\setup.exe :2520 - Ok
Proces in geheugen: C:\DOCUME~1\wouter\LOCALS~1\Temp\RarSFX0\_start.ex e:2712 - Ok
Proces in geheugen: C:\Program Files\MSN Messenger\livecall.exe:3364 - Ok
Proces in geheugen: C:\WINDOWS\System32\svchost.exe:3456 - Ok
Proces in geheugen: C:\Program Files\iPod\bin\iPodService.exe:3568 - Ok
Proces in geheugen: C:\WINDOWS\system32\drwtsn32.exe:3656 - Ok
Proces in geheugen: C:\WINDOWS\system32\drwtsn32.exe:3708 - Ok
Proces in geheugen: F:\Wouter\Mijn downloads\cureit.exe:3768 - Ok
Proces in geheugen: C:\Program Files\MSN Messenger\msnmsgr.exe:3920 - Ok
[Memory test] Geen virussen gevonden
Master Boot Record HDD1 - Ok
Active OS/2 or WinNT Boot Sector HDD1 - Ok
Master Boot Record HDD2 - Ok
Active OS/2 or WinNT Boot Sector HDD2 - Ok

[Scan lokatie] c:\documents and settings\all users\menu start\programma's\opstarten\desktop.ini
c:\documents and settings\all users\menu start\programma's\opstarten\desktop.ini - Ok

[Scan lokatie] c:\documents and settings\wouter\local settings\temp\rarsfx0\_start.exe
c:\documents and settings\wouter\local settings\temp\rarsfx0\_start.exe - Ok

[Scan lokatie] c:\documents and settings\wouter\local settings\temp\rarsfx0\dwebllio.dll
c:\documents and settings\wouter\local settings\temp\rarsfx0\dwebllio.dll gepakt door ASPACK
>c:\documents and settings\wouter\local settings\temp\rarsfx0\dwebllio.dll - Ok

[Scan lokatie] c:\documents and settings\wouter\local settings\temp\rarsfx0\setup.exe
c:\documents and settings\wouter\local settings\temp\rarsfx0\setup.exe gepakt door BINARYRES
>c:\documents and settings\wouter\local settings\temp\rarsfx0\setup.exe - Ok

[Scan lokatie] c:\documents and settings\wouter\menu start\programma's\opstarten\desktop.ini
c:\documents and settings\wouter\menu start\programma's\opstarten\desktop.ini - Ok

[Scan lokatie] c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll - Ok

[Scan lokatie] c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll - Ok

[Scan lokatie] c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe - Ok

[Scan lokatie] c:\program files\common files\microsoft shared\information retrieval\msitss.dll
c:\program files\common files\microsoft shared\information retrieval\msitss.dll - Ok

[Scan lokatie] c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
c:\program files\common files\microsoft shared\office11\msoxmlmf.dll - Ok

[Scan lokatie] c:\program files\common files\microsoft shared\office12\msoshext.dll
c:\program files\common files\microsoft shared\office12\msoshext.dll - Ok

[Scan lokatie] c:\program files\common files\microsoft shared\source engine\ose.exe
c:\program files\common files\microsoft shared\source engine\ose.exe - Ok

[Scan lokatie] c:\program files\common files\microsoft shared\speech\sapi.cpl
c:\program files\common files\microsoft shared\speech\sapi.cpl - Ok

[Scan lokatie] c:\program files\common files\microsoft shared\web components\10\owc10.dll
c:\program files\common files\microsoft shared\web components\10\owc10.dll - Ok

[Scan lokatie] c:\program files\common files\microsoft shared\web components\11\owc11.dll
c:\program files\common files\microsoft shared\web components\11\owc11.dll - Ok

[Scan lokatie] c:\program files\common files\microsoft shared\web folders\msonsext.dll
c:\program files\common files\microsoft shared\web folders\msonsext.dll - Ok

[Scan lokatie] c:\program files\common files\protexis\license service\psiservice_2.exe
c:\program files\common files\protexis\license service\psiservice_2.exe - Ok

[Scan lokatie] c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys
c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys - Ok

[Scan lokatie] c:\program files\common files\system\ole db\oledb32.dll
c:\program files\common files\system\ole db\oledb32.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgabout.dll
c:\program files\grisoft\avg7\avgabout.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgamsvr.exe
c:\program files\grisoft\avg7\avgamsvr.exe - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgcc.exe
c:\program files\grisoft\avg7\avgcc.exe - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgcckrn.dll
c:\program files\grisoft\avg7\avgcckrn.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgcfg.dll
c:\program files\grisoft\avg7\avgcfg.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgctrl.dll
c:\program files\grisoft\avg7\avgctrl.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgemc.exe
c:\program files\grisoft\avg7\avgemc.exe - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgemsui.dll
c:\program files\grisoft\avg7\avgemsui.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgf.dll
c:\program files\grisoft\avg7\avgf.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgklib.dll
c:\program files\grisoft\avg7\avgklib.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avglng.dll
c:\program files\grisoft\avg7\avglng.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avglog.dll
c:\program files\grisoft\avg7\avglog.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgmail.dll
c:\program files\grisoft\avg7\avgmail.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgrep.dll
c:\program files\grisoft\avg7\avgrep.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgres.dll
c:\program files\grisoft\avg7\avgres.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgresf.dll
c:\program files\grisoft\avg7\avgresf.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgscan.dll
c:\program files\grisoft\avg7\avgscan.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgse.dll
c:\program files\grisoft\avg7\avgse.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgset.dll
c:\program files\grisoft\avg7\avgset.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgtest.dll
c:\program files\grisoft\avg7\avgtest.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgtmgr.dll
c:\program files\grisoft\avg7\avgtmgr.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgtres.dll
c:\program files\grisoft\avg7\avgtres.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgunarc.dll
c:\program files\grisoft\avg7\avgunarc.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgupsvc.exe
c:\program files\grisoft\avg7\avgupsvc.exe - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgvault.dll
c:\program files\grisoft\avg7\avgvault.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\avgw.exe
c:\program files\grisoft\avg7\avgw.exe - Ok

[Scan lokatie] c:\program files\grisoft\avg7\libsasl.dll
c:\program files\grisoft\avg7\libsasl.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\mfc71.dll
c:\program files\grisoft\avg7\mfc71.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\saslcrammd5.dll
c:\program files\grisoft\avg7\saslcrammd5.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\sasldigestmd5.dll
c:\program files\grisoft\avg7\sasldigestmd5.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\sasllogin.dll
c:\program files\grisoft\avg7\sasllogin.dll - Ok

[Scan lokatie] c:\program files\grisoft\avg7\saslplain.dll
c:\program files\grisoft\avg7\saslplain.dll - Ok

[Scan lokatie] c:\program files\hewlett-packard\hp share-to-web\hpgs2wns.dll
c:\program files\hewlett-packard\hp share-to-web\hpgs2wns.dll - Ok

[Scan lokatie] c:\program files\ipod\bin\ipodservice.exe
c:\program files\ipod\bin\ipodservice.exe - Ok

[Scan lokatie] c:\program files\ipod\bin\ipodservice.resources\ipodservice.d ll
c:\program files\ipod\bin\ipodservice.resources\ipodservice.d ll - Ok

[Scan lokatie] c:\program files\ipod\bin\ipodservice.resources\nl.lproj\ipod servicelocalized.dll
c:\program files\ipod\bin\ipodservice.resources\nl.lproj\ipod servicelocalized.dll - Ok

[Scan lokatie] c:\program files\itunes\itunesminiplayer.dll
c:\program files\itunes\itunesminiplayer.dll - Ok

[Scan lokatie] c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll - Ok

[Scan lokatie] c:\program files\java\jre1.6.0_01\bin\ssv.dll
c:\program files\java\jre1.6.0_01\bin\ssv.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\0004\aegise5.dll
c:\program files\linksys wireless-g usb wireless network monitor\0004\aegise5.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\aviwusb54gv4.dll
c:\program files\linksys wireless-g usb wireless network monitor\aviwusb54gv4.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\ez54g.dll
c:\program files\linksys wireless-g usb wireless network monitor\ez54g.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\gemwep.dll
c:\program files\linksys wireless-g usb wireless network monitor\gemwep.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\procnics.dll
c:\program files\linksys wireless-g usb wireless network monitor\procnics.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\ralinktek.dll
c:\program files\linksys wireless-g usb wireless network monitor\ralinktek.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\reswusb54gv4_us.dll
c:\program files\linksys wireless-g usb wireless network monitor\reswusb54gv4_us.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\rm_dev_code.dll
c:\program files\linksys wireless-g usb wireless network monitor\rm_dev_code.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\security.dll
c:\program files\linksys wireless-g usb wireless network monitor\security.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\ses.dll
c:\program files\linksys wireless-g usb wireless network monitor\ses.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\ses_cl.dll
c:\program files\linksys wireless-g usb wireless network monitor\ses_cl.dll - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\wlservice.exe
c:\program files\linksys wireless-g usb wireless network monitor\wlservice.exe - Ok

[Scan lokatie] c:\program files\linksys wireless-g usb wireless network monitor\wusb54gv42.exe
c:\program files\linksys wireless-g usb wireless network monitor\wusb54gv42.exe - Ok

[Scan lokatie] c:\program files\messenger\msmsgs.exe
c:\program files\messenger\msmsgs.exe - Ok

[Scan lokatie] c:\program files\microsoft office\office11\mlshext.dll
c:\program files\microsoft office\office11\mlshext.dll - Ok

[Scan lokatie] c:\program files\microsoft office\office11\msohev.dll
c:\program files\microsoft office\office11\msohev.dll - Ok

[Scan lokatie] c:\program files\microsoft office\office11\olkfstub.dll
c:\program files\microsoft office\office11\olkfstub.dll - Ok

[Scan lokatie] c:\program files\mindjet\mindmanager 6\mm6internetexplorer.dll
c:\program files\mindjet\mindmanager 6\mm6internetexplorer.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\components\jar50.dll
c:\program files\mozilla firefox\components\jar50.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\components\myspell.dll
c:\program files\mozilla firefox\components\myspell.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\components\spellchk.dll
c:\program files\mozilla firefox\components\spellchk.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components \fullsoft.dll
c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components \fullsoft.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components \qfaservices.dll
c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components \qfaservices.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\firefox.exe - Ok

[Scan lokatie] c:\program files\mozilla firefox\freebl3.dll
c:\program files\mozilla firefox\freebl3.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\js3250.dll
c:\program files\mozilla firefox\js3250.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\nspr4.dll
c:\program files\mozilla firefox\nspr4.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\nss3.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\nssckbi.dll
c:\program files\mozilla firefox\nssckbi.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\plc4.dll
c:\program files\mozilla firefox\plc4.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\plds4.dll
c:\program files\mozilla firefox\plds4.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\smime3.dll
c:\program files\mozilla firefox\smime3.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\softokn3.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\ssl3.dll
c:\program files\mozilla firefox\ssl3.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\xpcom_compat.dll
c:\program files\mozilla firefox\xpcom_compat.dll - Ok

[Scan lokatie] c:\program files\mozilla firefox\xpcom_core.dll
c:\program files\mozilla firefox\xpcom_core.dll - Ok

[Scan lokatie] c:\program files\msn messenger\abssm.dll
c:\program files\msn messenger\abssm.dll - Ok

[Scan lokatie] c:\program files\msn messenger\contact.dll
c:\program files\msn messenger\contact.dll - Ok

[Scan lokatie] c:\program files\msn messenger\contactsux.dll
c:\program files\msn messenger\contactsux.dll - Ok

[Scan lokatie] c:\program files\msn messenger\custsat.dll
c:\program files\msn messenger\custsat.dll - Ok

[Scan lokatie] c:\program files\msn messenger\dfsr.dll
c:\program files\msn messenger\dfsr.dll - Ok

[Scan lokatie] c:\program files\msn messenger\fsshext.8.1.0178.00.dll
c:\program files\msn messenger\fsshext.8.1.0178.00.dll - Ok

[Scan lokatie] c:\program files\msn messenger\lcapi.dll
c:\program files\msn messenger\lcapi.dll - Ok

[Scan lokatie] c:\program files\msn messenger\lcres.dll
c:\program files\msn messenger\lcres.dll - Ok

[Scan lokatie] c:\program files\msn messenger\livecall.exe
c:\program files\msn messenger\livecall.exe - Ok

[Scan lokatie] c:\program files\msn messenger\lmcdata.dll
c:\program files\msn messenger\lmcdata.dll - Ok

[Scan lokatie] c:\program files\msn messenger\msgrapp.8.1.0178.00.dll
c:\program files\msn messenger\msgrapp.8.1.0178.00.dll - Ok

[Scan lokatie] c:\program files\msn messenger\msgslang.8.1.0178.00.dll
c:\program files\msn messenger\msgslang.8.1.0178.00.dll - Ok

[Scan lokatie] c:\program files\msn messenger\msgsres.dll
c:\program files\msn messenger\msgsres.dll - Ok

[Scan lokatie] c:\program files\msn messenger\msgswcam.dll
c:\program files\msn messenger\msgswcam.dll - Ok

[Scan lokatie] c:\program files\msn messenger\msidcrl40.dll
c:\program files\msn messenger\msidcrl40.dll - Ok

-----------------------------------------------------------------------------
Scan statistieken
-----------------------------------------------------------------------------
Objecten gescand: 113
Geinfecteerde objecten gevonden: 0
Gemodificeerde objecten gevonden: 0
Verdachte objecten gevonden: 0
Adware programma's gevonden: 0
Dialer programma's gevonden: 0
Joke programma's gevonden: 0
Riskware programma's gevonden: 0
Hacktool programma's gevonden: 0
Objecten gerepareerd: 0
Objecten verwijderd: 0
Objecten hernoemd: 0
Objecten verplaatst: 0
Objecten genegeerd: 0
Scan snelheid: 3561 Kb/s
Scan tijd: 00:00:18
-----------------------------------------------------------------------------

Scannen onderbroken door gebruiker! - geen virussen gevonden
Master Boot Record HDD1 - Ok
Active OS/2 or WinNT Boot Sector HDD1 - Ok
Master Boot Record HDD2 - Ok
Active OS/2 or WinNT Boot Sector HDD2 - Ok

[Scan lokatie] C:\
-----------------------------------------------------------------------------
Scan statistieken
-----------------------------------------------------------------------------
Objecten gescand: 4
Geinfecteerde objecten gevonden: 0
Gemodificeerde objecten gevonden: 0
Verdachte objecten gevonden: 0
Adware programma's gevonden: 0
Dialer programma's gevonden: 0
Joke programma's gevonden: 0
Riskware programma's gevonden: 0
Hacktool programma's gevonden: 0
Objecten gerepareerd: 0
Objecten verwijderd: 0
Objecten hernoemd: 0
Objecten verplaatst: 0
Objecten genegeerd: 0
Scan snelheid: 0 Kb/s
Scan tijd: 00:00:04
-----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:17, on 26-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\wouter\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178649243218
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://sbs.orbolabels.be/Remote/msrdp.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5902 bytes

Jurgenv1
26 januari 2008, 13:54
Ziet er goed uit, hoe werkt alles verder?