SecuGuard
24 December 2009, 21:47
Problem:
- PC responds fairly slowly to commands
- Opening programs such as Firefox is extremely slow
- AVG scan found a virus
Already tried as a solution:
- Scan with AVG
- Scan with Ad-Aware
- Deleted the files that AVG flagged as a virus from the folder (they were not illegal downloads, though, but demo versions of a program)
Below are the scan logs from AVG, Ad-Aware and HJT
______________________________________________
Log AVG:
"Scan ""De hele computer scannen"" is voltooid."
"Infecties";"8";"2";"6"
"Waarschuwingen";"104";"103";"1"
"Voor scan geselecteerde mappen:";"De hele computer scannen"
"Scan is gestart:";"donderdag 24 december 2009, 14:22:47"
"Scan voltooid:";"donderdag 24 december 2009, 17:25:33 (3 uur (uren) 2 min. 45 seconde (n))"
"Totaal gescande objecten:";"581378"
"Gebruiker die de scan heeft gestart:";"Kurt"
"Infecties"
"Bestand";"Infectie";"Resultaat"
"C:\WINDOWS\TEMP\irdm.tmp";"Trojaans paard Generic16.EUT";"Verplaatst naar de quarantaine"
"C:\WINDOWS\TEMP\irdm.tmp";"Trojaans paard Generic16.EUT";"Verplaatst naar de quarantaine"
"C:\WINDOWS\system32\tdlcmd.dll";"Trojaans paard Vundo.JE";"Verplaatst naar de quarantaine"
"C:\Documents and Settings\Kurt\Mijn documenten\Downloads\iSkysoft.Video.Converter.v1.6.0.1\Setup\Setup.exe:\10771_~1.EXE";"Virus herkend Packed.Hidden";"Geïnfecteerd"
"C:\Documents and Settings\Kurt\Mijn documenten\Downloads\iSkysoft.Video.Converter.v1.6.0.1\Setup\Setup.exe";"Virus herkend Packed.Hidden";"Geïnfecteerd"
"C:\Documents and Settings\Kurt\Mijn documenten\Downloads\iSkysoft.Video.Converter.v1.6.0.1.rar:\Setup\Setup.exe:\10771_~1.EXE";"Virus herkend Packed.Hidden";"Geïnfecteerd"
"C:\Documents and Settings\Kurt\Mijn documenten\Downloads\iSkysoft.Video.Converter.v1.6.0.1.rar:\Setup\Setup.exe";"Virus herkend Packed.Hidden";"Geïnfecteerd"
"C:\Documents and Settings\Kurt\Mijn documenten\Downloads\iSkysoft.Video.Converter.v1.6.0.1.rar";"Virus herkend Packed.Hidden";"Geïnfecteerd"
"Waarschuwingen"
"Bestand";"Infectie";"Resultaat"
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1";"Registersleutel gevonden met verwijzing naar geïnfecteerd bestand C:\WINDOWS\TEMP\irdm.tmp";"Object ontbreekt."
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1";"Registersleutel gevonden met verwijzing naar geïnfecteerd bestand C:\WINDOWS\TEMP\irdm.tmp";"Verplaatst naar de quarantaine"
______________________________________________
Log Ad-Aware:
Logfile created: 24/12/2009 18:20:26
Lavasoft Ad-Aware version: 8.1.3
User performing scan: Kurt
*********************** Definitions database information ***********************
Lavasoft definition file: 149.121
Genotype definition file version: 2009/12/21 14:31:21
******************************** Scan results: *********************************
Scan profile name: Vol. scan (ID: full)
Objects scanned: 234575
Objects detected: 1
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 1
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Scan and cleaning complete: Finished correctly after 7808 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vol. scan
ID: folderstoscan, enabled:1, value: C:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Thu Dec 24 11:52:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Thu Dec 24 17:52:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Thu Dec 24 23:52:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Thu Dec 24 05:52:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Thu Dec 24 11:52:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: Kurt-F9612CFE65
Processor name: AMD Sempron(tm) Processor 3200+
Processor identifier: x86 Family 15 Model 79 Stepping 2
Processor speed: ~1809MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 20226, number of processors 1, processor features: [MMX,SSE,SSE2,3DNow]
Physical memory available: 356753408 bytes
Physical memory total: 1073070080 bytes
Virtual memory available: 1990926336 bytes
Virtual memory total: 2147352576 bytes
Memory load: 66%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 832 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 912 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 936 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 980 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 992 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1148 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1216 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY
PID: 1360 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1436 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY
PID: 1632 name: C:\Program Files\AVG\AVG9\avgchsvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1640 name: C:\Program Files\AVG\AVG9\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1700 name: C:\WINDOWS\system32\svchost.exe owner: Lokale service domain: NT AUTHORITY
PID: 2012 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2040 name: C:\WINDOWS\Explorer.EXE owner: Kurt domain: Kurt-F9612CFE65
PID: 268 name: C:\Program Files\AVG\AVG9\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 444 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1864 name: C:\WINDOWS\system32\svchost.exe owner: Lokale service domain: NT AUTHORITY
PID: 1924 name: C:\WINDOWS\ATKKBService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1928 name: C:\Program Files\AVG\AVG9\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 200 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1100 name: C:\WINDOWS\system32\FsUsbExService.Exe owner: SYSTEM domain: NT AUTHORITY
PID: 1720 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 1532 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1564 name: C:\WINDOWS\RTHDCPL.EXE owner: Kurt domain: Kurt-F9612CFE65
PID: 1600 name: C:\PROGRA~1\AVG\AVG9\avgtray.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 1400 name: C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 1620 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 560 name: C:\Program Files\AVG\AVG9\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 724 name: C:\Program Files\OpenOffice.org 3\program\soffice.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 1324 name: C:\Program Files\OpenOffice.org 3\program\soffice.bin owner: Kurt domain: Kurt-F9612CFE65
PID: 2064 name: C:\Program Files\AVG\AVG9\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2464 name: C:\Program Files\AVG\AVG9\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2976 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3092 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3248 name: C:\WINDOWS\System32\alg.exe owner: Lokale service domain: NT AUTHORITY
PID: 2756 name: C:\Program Files\AVG\AVG9\avgui.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 3992 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 2712 name: C:\WINDOWS\system32\NOTEPAD.EXE owner: Kurt domain: Kurt-F9612CFE65
PID: 3624 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Kurt domain: Kurt-F9612CFE65
Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Preloader van browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Cache-daemon voor onderdeelcategorieën
Name: SkyTel
imagepath: SkyTel.EXE
Name: nwiz
imagepath: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: NPSStartup
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: AdobeCS4ServiceManager
imagepath: "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
Name: RegistryMonitor1
imagepath: C:\WINDOWS\system32\qtplugin.exe
Name: AVG9_TRAY
imagepath: C:\PROGRA~1\AVG\AVG9\avgtray.exe
Name:
imagepath: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
Name:
imagepath: C:\WINDOWS\system32\config\systemprofile\Menu Start\Programma's\Opstarten\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: ALG
displayname: Application Layer Gateway-service
Name: ATKKeyboardService
displayname: ATK Keyboard Service
Name: AudioSrv
displayname: Windows Audio
Name: avg9emc
displayname: AVG Free E-mail Scanner
Name: avg9wd
displayname: AVG Free WatchDog
Name: BITS
displayname: Intelligente achtergrondsoverdrachtservice
Name: Bonjour Service
displayname: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##
Name: CryptSvc
displayname: Services voor cryptografie
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Service voor het rapporteren van fouten
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+-gebeurtenissysteem
Name: FastUserSwitchingCompatibility
displayname: Compatibiliteit voor Snelle gebruikerswisseling
Name: FsUsbExService
displayname: FsUsbExService
Name: helpsvc
displayname: Help en ondersteuning
Name: HidServ
displayname: HID Input Service
Name: Irmon
displayname: Infraroodmonitor
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC-services
Name: ProtectedStorage
displayname: Protected Storage
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall (WF) / Internet-verbinding delen (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore-service
Name: SSDPSRV
displayname: SSDP Discovery-service
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Thema's
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration-service
______________________________________________
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:07, on 24/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RegistryMonitor1] "C:\WINDOWS\system32\qtplugin.exe"
O4 - Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258166412500
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5553 bytes
______________________________________________
Thanks in advance for the help, and merry Christmas.
______________________________________________
Ad-Aware log:
Logfile created: 24/12/2009 18:20:26
Lavasoft Ad-Aware version: 8.1.3
User performing scan: Kurt
*********************** Definitions database information ***********************
Lavasoft definition file: 149.121
Genotype definition file version: 2009/12/21 14:31:21
******************************** Scan results: *********************************
Scan profile name: Vol. scan (ID: full)
Objects scanned: 234575
Objects detected: 1
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 1
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Scan and cleaning complete: Finished correctly after 7808 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vol. scan
ID: folderstoscan, enabled:1, value: C:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Thu Dec 24 11:52:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Thu Dec 24 17:52:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Thu Dec 24 23:52:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Thu Dec 24 05:52:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Thu Dec 24 11:52:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: Kurt-F9612CFE65
Processor name: AMD Sempron(tm) Processor 3200+
Processor identifier: x86 Family 15 Model 79 Stepping 2
Processor speed: ~1809MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 20226, number of processors 1, processor features: [MMX,SSE,SSE2,3DNow]
Physical memory available: 356753408 bytes
Physical memory total: 1073070080 bytes
Virtual memory available: 1990926336 bytes
Virtual memory total: 2147352576 bytes
Memory load: 66%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 832 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 912 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 936 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 980 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 992 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1148 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1216 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY
PID: 1360 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1436 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY
PID: 1632 name: C:\Program Files\AVG\AVG9\avgchsvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1640 name: C:\Program Files\AVG\AVG9\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1700 name: C:\WINDOWS\system32\svchost.exe owner: Lokale service domain: NT AUTHORITY
PID: 2012 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2040 name: C:\WINDOWS\Explorer.EXE owner: Kurt domain: Kurt-F9612CFE65
PID: 268 name: C:\Program Files\AVG\AVG9\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 444 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1864 name: C:\WINDOWS\system32\svchost.exe owner: Lokale service domain: NT AUTHORITY
PID: 1924 name: C:\WINDOWS\ATKKBService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1928 name: C:\Program Files\AVG\AVG9\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 200 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1100 name: C:\WINDOWS\system32\FsUsbExService.Exe owner: SYSTEM domain: NT AUTHORITY
PID: 1720 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 1532 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1564 name: C:\WINDOWS\RTHDCPL.EXE owner: Kurt domain: Kurt-F9612CFE65
PID: 1600 name: C:\PROGRA~1\AVG\AVG9\avgtray.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 1400 name: C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 1620 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 560 name: C:\Program Files\AVG\AVG9\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 724 name: C:\Program Files\OpenOffice.org 3\program\soffice.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 1324 name: C:\Program Files\OpenOffice.org 3\program\soffice.bin owner: Kurt domain: Kurt-F9612CFE65
PID: 2064 name: C:\Program Files\AVG\AVG9\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2464 name: C:\Program Files\AVG\AVG9\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2976 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3092 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3248 name: C:\WINDOWS\System32\alg.exe owner: Lokale service domain: NT AUTHORITY
PID: 2756 name: C:\Program Files\AVG\AVG9\avgui.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 3992 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Kurt domain: Kurt-F9612CFE65
PID: 2712 name: C:\WINDOWS\system32\NOTEPAD.EXE owner: Kurt domain: Kurt-F9612CFE65
PID: 3624 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Kurt domain: Kurt-F9612CFE65
Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Preloader van browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Cache-daemon voor onderdeelcategorieën
Name: SkyTel
imagepath: SkyTel.EXE
Name: nwiz
imagepath: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: NPSStartup
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: AdobeCS4ServiceManager
imagepath: "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
Name: RegistryMonitor1
imagepath: C:\WINDOWS\system32\qtplugin.exe
Name: AVG9_TRAY
imagepath: C:\PROGRA~1\AVG\AVG9\avgtray.exe
Name:
imagepath: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
Name:
imagepath: C:\WINDOWS\system32\config\systemprofile\Menu Start\Programma's\Opstarten\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: ALG
displayname: Application Layer Gateway-service
Name: ATKKeyboardService
displayname: ATK Keyboard Service
Name: AudioSrv
displayname: Windows Audio
Name: avg9emc
displayname: AVG Free E-mail Scanner
Name: avg9wd
displayname: AVG Free WatchDog
Name: BITS
displayname: Intelligente achtergrondsoverdrachtservice
Name: Bonjour Service
displayname: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##
Name: CryptSvc
displayname: Services voor cryptografie
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Service voor het rapporteren van fouten
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+-gebeurtenissysteem
Name: FastUserSwitchingCompatibility
displayname: Compatibiliteit voor Snelle gebruikerswisseling
Name: FsUsbExService
displayname: FsUsbExService
Name: helpsvc
displayname: Help en ondersteuning
Name: HidServ
displayname: HID Input Service
Name: Irmon
displayname: Infraroodmonitor
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC-services
Name: ProtectedStorage
displayname: Protected Storage
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall (WF) / Internet-verbinding delen (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore-service
Name: SSDPSRV
displayname: SSDP Discovery-service
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Thema's
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration-service
______________________________________________
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:07, on 24/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RegistryMonitor1] "C:\WINDOWS\system32\qtplugin.exe"
O4 - Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258166412500
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5553 bytes
______________________________________________
Thanks in advance for the help, and merry Christmas