![]() |
|
Verwijderd
|
Logfile of HijackThis v1.99.1
Scan saved at 23:03:16, on 6-10-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\windows\system32\stonedrv.exe C:\Program Files\Common Files\{DCAFFC61-0710-1043-0624-05110304001f}\Update.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe D:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file) F2 - REG ![]() O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Charlotte\Yinstall.exe O4 - HKLM\..\Run: [bwx5adde] RUNDLL32.EXE w03c1c1f.dll,n 0055add90000000a03c1c1f O4 - HKLM\..\Run: [defender] C:\\dfndrff_e23.exe O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe O4 - Global Startup: Remote Control.lnk = C:\Program Files\ZOLID Multimedia\VS-TV7134RF Utilities\P3XRCtl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/downloa...t/instwact.dll O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\rdcc.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe computer van me vriendin, heeft op een link via msn geklikt (van ben jij dit op de foto??!?!!?) en sindsdien..hoe dit weg te halen? hitman pro pakt het niet.. en wat is het probleem eigenlijk?;p |
Advertentie | |
|
![]() |
|
Antwoord aan reuff
Lekker handig hoor, spring je ook in het water als iemand dat tegen je zegt ? Ok de fix, probeer die zo goed als kan uit te voeren, lukt er iets niet gewoon doorgaan. Ga naar software in configuratiescherm en uninstall daar MSN , Start HJT opnieuw en vink onderstaande regels aan sluit alle vensters behalve HJT en klik op fix checked. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank F2 - REG ystem.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file) O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Charlotte\Yinstall.exe O4 - HKLM\..\Run: [bwx5adde] RUNDLL32.EXE w03c1c1f.dll,n 0055add90000000a03c1c1f O4 - HKLM\..\Run: [defender] C:\\dfndrff_e23.exe O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\rdcc.dll (file missing) Verwijder via verkenner onderstaande dikgedrukte items. D:\Documents and Settings\Charlotte\Yinstall.exe C:\windows\system32\stonedrv.exe C:\WINDOWS\system32\rpcc.dll Download Dr.Web CureIt naar je Bureaublad:
Negeer popups over Buy of 50% korting Download Combofix naar je Bureaublad.
Plaats deze log in je volgende post samen met een nieuw HijackThis log. NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren. Aub Een nieuw logje van HJT en het logje van dr.web en combofix. Succes. Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
|||
HJT log
Citaat:
Citaat:
__________________
|| Heaven won't let me in, Hell's afraid that I take over ||
[QUOTE=Ellesdee;26151717]hahaha, je bent wel lief <3[/QUOTE] |
![]() |
||
Verwijderd
|
Citaat:
![]() maar bedankt, ik ga het straks proberen ![]() |
![]() |
||||
Verwijderd
|
Citaat:
Citaat:
Citaat:
|
![]() |
|
antwoord aan Solowolf,
Code: Download Ccleaner Let op niet de yahoo toolbar installeren <<<<<<<<<<<<< update hem en doe een scan (aan de linkerkant staan icoons, eerst die met het stoffertje doen, laat hem scannen en doe daarna opschonen, twee keer opschonen) Daaronder staat een icoon met problemen, klik die aan en doe een scan, klik op fouten reparen (indien fouten aanwezig) en maak een backupmapje op je pc. Code: - Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel. - Klik in de linkerhelft van het venster op "Instellingen van systeemherstel". - Zet een vinkje voor "Systeemherstel uitschakelen". - Klik "Toepassen". - Windows vraagt of je dat zeker weet. - Klik "Ja". - Klik "OK". - Start de pc opnieuw op. - Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel. - Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?" - Klik "Ja". - Verwijder het vinkje voor "Systeemherstel uitschakelen". - Klik "Toepassen". - Klik "OK". Draai dr.web nogmaals en plaats dat logje aub. Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
||
Antwoord aan reuff,
Helaas slecht nieuws, je kan het zelf ook zien in je combofixlogje. Je ben de "gelukkige" bezitter van een rootkit ![]() ![]() Die gaan we eerst aanpakken, (lees de nek omdraaien) Lees onderstaande goed. Citaat:
Deze rootkit is ook onzichtbaar voor rootkitscanners, zodat we hem daarmee niet kunnen bestrijden. Dit komt omdat de pe386 rootkit ook de rootkitscanners zelf viseert, en zichzelf verwijdert zodra je een rootkitscanner draait, waardoor hij niet op te sporen is. Zodra de scanner stopt, wordt de pe386 terug actief. We gaan dus een speciale werkwijze moeten gebruiken : Ik ga je een rootkitscanner laten downloaden, maar zodra deze de scan start, moet je de Powerknop enkele seconden indrukken om je computer uit te schakelen (gebruik dus niet de gewone manier om je PC af te sluiten, maar doe het wel met de Powerknop) We gaan de blacklight rootkit scanner gebruiken... Sluit alle openstaande toepassingen op je PC. Download en sla Blacklight op op je Bureaublad. F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml Dubbelklik op blbeta.exe en aanvaard de agreement. Klik vervolgens op Scan. Zodra de scan begint (dus TIJDENS de scan).....sluit je je PC af door de Powerknop ingedrukt te houden!!! Laat je PC terug opstarten, onderbreek een eventuele schijfkontrole niet. Doe dan nogmaals een combofix scan en plaats opnieuw het logje aub. Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
||
Verwijderd
|
Citaat:
![]() |
![]() |
||
Citaat:
__________________
|| Heaven won't let me in, Hell's afraid that I take over ||
[QUOTE=Ellesdee;26151717]hahaha, je bent wel lief <3[/QUOTE] |
![]() |
|
Hallo,
reuff Download NTrights.zip: http://www10.brinkster.com/expl0iter...dumprights.htm Plaats het op je bureaublad. Unzip het. Open de map NTrights en dubbelklik op Debug.bat en volg de aanwijzingen op het scherm. Herstart de computer. Open de map NTrights, en dubbelklik nog een keer op Debug.bat. Er wordt een logje gemaakt. Dit logje zou het volgende moeten aangeven: "Granting SeDebugPrivilege to Administrators ... successful" Als dit zo is, dan start je Blacklight nog een keer. Maar die link is waarschijnlijk down... Dan kan je deze nog gebruiken: http://download.bleepingcomputer.com...ug-Restore.exe Dubbelklik SeDebug-Restore.exe om de tool te starten. Als de tool klaar is, zal het programma vragen om de computer te herstarten.
__________________
Alles is betrekkelijk.
Proud member of ASAP Laatst gewijzigd op 10-10-2006 om 19:49. |
![]() |
|||
Citaat:
![]() hier overgens het HJT log Citaat:
__________________
|| Heaven won't let me in, Hell's afraid that I take over ||
[QUOTE=Ellesdee;26151717]hahaha, je bent wel lief <3[/QUOTE] |
![]() |
||
Citaat:
![]()
__________________
|| Heaven won't let me in, Hell's afraid that I take over ||
[QUOTE=Ellesdee;26151717]hahaha, je bent wel lief <3[/QUOTE] |
![]() |
||
Citaat:
C:\DOCUME~1\FAMILI~1\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe hier kan je zien dat het programma van HJT niet in een eigen mapje staat, dat is eigenlijk wel de bedoeling want alleen daar maakt het fatsoenlijke backups. dus ihv. maak een nieuwe map aan op je C bv. C:\HJT en UNZIP het programma daar naar toe en werk dan vanuit die map.
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
||||
Hoi, volgens mij heb ik ongeveer hetzelfde probleem als wolf laatst had, die virusburst.
Hier een logje: Citaat:
Citaat:
Citaat:
__________________
Lampaan.
|
![]() |
|
Hai egged
1. Download SmitfraudFix (vanS!Ri), en pak het uit op je bureaublad. 2. Print onderstaande instrukties uit of kopieer ze naar een .txt bestand. Dit, omdat de rest van de fix in veilige modus is en je hier dus niet meer kan terugzoeken. 3. Start op in Veilige modus 4. Open de map smitfraudfix en dubbelklik op smitfraudfix.cmd
5. Post de inhoud van dit bestandje in je volgende antwoord, samen met een Hijackthis-logje. (Je kan het rapport ook vinden in c:\rapport.txt) Ik denk niet dat je direct van de boel afbent. Succes
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
||
ha juisterr,
had mn probleem laatst ook gepost op hijackthis.nl, daar werd me die stap ook aangeraden en daarna nog wat dingetjes, waarvan ik er ook een of twee gedaan heb. tot nu toe ziet het er zo uit (zie hieronder), ik weet niet of dit goed of slecht niews is. de volgende stappen zouden zijn dr. web en combofix. gaat t een beetje goed ? ![]() bedankt als je nog kijkt ! Citaat:
__________________
Lampaan.
|
![]() |
|
Logfile of HijackThis v1.99.1
Scan saved at 14:19:50, on 22-10-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\ipwins\ipwins.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\??mbols\m?config.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Realtek\Rtl8180\RtlWake.exe C:\DOCUME~1\Sara\LOCALS~1\Temp\Rar$EX00.093\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [cig0630c] RUNDLL32.EXE w0fbdf3f.dll,n 006063060000000a0fbdf3f O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe O4 - HKCU\..\Run: [Fsgxdikw] C:\WINDOWS\??mbols\m?config.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\RtlWake.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: dxclib303562752.dll O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\fpp0037me.dll (file missing) O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\newddi.dll O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\l4n40e5qeh.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2VicnVpa2Vy\command.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Aldus van een computer die flink naar de kloten is. (spyware, adware, onbekende processen) |
![]() |
|
Hallo
M0ss0l Print onderstaande fix af of sla het op zodat je goed onderstaande stappen kan uitvoeren. Start HJT opnieuw en doe een systemscan only vink onderstaande regels aan sluit alle vensters behalve die van hjt en klik op fix checked. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [cig0630c] RUNDLL32.EXE w0fbdf3f.dll,n 006063060000000a0fbdf3f O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe O4 - HKCU\..\Run: [Fsgxdikw] C:\WINDOWS\??mbols\m?config.exe O20 - AppInit_DLLs: dxclib303562752.dll O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\fpp0037me.dll (file missing) O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\newddi.dll O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\l4n40e5qeh.dll (file missing) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2VicnVpa2Vy\command.exe (file missing) O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) Doe vervolgens beide onderstaande tools. Download Alcanshorty, en plaats het op je bureaublad. Dubbelklik op alcanshorty_nl om het te installeren. Open daarna de map alcanshorty_nl , en dubbelklik op run.bat De icoontjes op je Bureaublad zullen verdwijnen en daarna terug verschijnen. Dit is normaal. Wacht op de "Completed script execution"-boodschap en klik op "OK". Sluit BFU af door op "EXIT" te klikken. Herstart je pc, Download Combofix naar je Bureaublad.
Plaats deze log in je volgende post samen met een nieuw HijackThis log. NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
|
Sara - 06-10-22 15:32:02,18 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Sara\Bureaublad" ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))) REGISTRY ENTRIES REMOVED: [HKEY_CLASSES_ROOT\clsid\{C28EAFEC-EE4D-4EB9-BF36-4F5E07B73334}] @="" [HKEY_CLASSES_ROOT\clsid\{C28EAFEC-EE4D-4EB9-BF36-4F5E07B73334}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\clsid\{C28EAFEC-EE4D-4EB9-BF36-4F5E07B73334}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\clsid\{C28EAFEC-EE4D-4EB9-BF36-4F5E07B73334}\InprocServer32] @="C:\\WINDOWS\\system32\\mkls31.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\clsid\{9EF50D66-6B78-44A4-B7B6-3C066101397A}] @="" [HKEY_CLASSES_ROOT\clsid\{9EF50D66-6B78-44A4-B7B6-3C066101397A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\clsid\{9EF50D66-6B78-44A4-B7B6-3C066101397A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\clsid\{9EF50D66-6B78-44A4-B7B6-3C066101397A}\InprocServer32] @="C:\\WINDOWS\\system32\\wbspdmoe.dll" "ThreadingModel"="Apartment" * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * FILES REMOVED: C:\WINDOWS\system32\CKEMUPIA.DLL C:\WINDOWS\system32\fpr4039qe.dll C:\WINDOWS\system32\mkls31.dll C:\WINDOWS\system32\n44s0eh7eh4.dll C:\WINDOWS\system32\wbspdmoe.dll Granting sedebugprivilege to Administrators ... successful ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Documents and Settings\Jan\Application Data\Dxcknwrd.dll C:\Documents and Settings\Sara\Application Data\Dxccwrd.dll C:\Documents and Settings\Sara\Application Data\Dxcknwrd.dll C:\WINDOWS\system32\bkd.exe C:\Program Files\DeluxeCommunications\Dxc.exe C:\Program Files\DeluxeCommunications\DxcCore.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\teller2.chk C:\WINDOWS\system32\bszip.dll C:\WINDOWS\system32\wintsvsu.exe C:\Program Files\Common Files\Yazzle1122OinAdmin.exe C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe C:\WINDOWS\system32\atmtd.dll C:\WINDOWS\system32\atmtd.dll._ C:\Documents and Settings\LocalService\Application Data\NetMon C:\Program Files\Cowabanga C:\Program Files\Deskbar C:\Program Files\PrintView C:\Program Files\Common Files\{FCB2F18D-0AEF-1043-0124-03071103001f} ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\QooBox\Purity\Program Files\ICROSO~1.NET C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET C:\QooBox\Purity\Program Files\ICROSO~1.NET\tracert.exe C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET\ctxad-497.0000 C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET\ctxad-497.0001 C:\QooBox\Purity\WINDOWS\MBOLS~1 C:\QooBox\Purity\WINDOWS\MBOLS~1\m?config.exe ((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 )))))))))))))))))))))))))))))))))) 2006-10-21 13:42 24,296 --a------ C:\WINDOWS\icont.exe 2006-10-19 20:40 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys 2006-10-19 20:40 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys 2006-10-19 20:40 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys 2006-10-19 20:40 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys 2006-10-19 20:15 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2006-10-19 19:32 131,072 --a------ C:\WINDOWS\system32\bupgjcfe.dll 2006-10-19 18:57 50,912 --a------ C:\WINDOWS\iconu.exe 2006-10-19 18:34 192 --a------ C:\Documents and Settings\Sara\ggg.bat 2006-10-19 18:34 16,384 --a------ C:\Documents and Settings\Sara\dr.exe 2006-10-19 18:34 1,259 --a------ C:\WINDOWS\system32\cig0630c.sys 2006-10-19 18:33 20,480 --a------ C:\Documents and Settings\Sara\setup9X.exe 2006-10-19 18:33 115,947 --a------ C:\Documents and Settings\Sara\install.exe 2006-10-19 14:23 305,152 --a------ C:\WINDOWS\IsUninst.exe 2006-10-19 13:58 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2006-10-12 17:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2006-10-11 20:13 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2006-10-05 13:35 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2006-10-05 13:35 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2006-10-05 13:35 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2006-10-05 13:35 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2006-10-05 13:35 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe 2006-09-24 21:45 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2006-09-24 21:45 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2006-09-24 21:45 308,224 --a------ C:\WINDOWS\IsUn0413.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-22 15:33 -------- d-------- C:\Program Files\Common Files 2006-10-22 12:07 -------- d-------- C:\Program Files\Zango 2006-10-20 21:30 -------- d-------- C:\Program Files\Call of Duty 2006-10-20 12:42 -------- d-------- C:\Documents and Settings\Sara\Application Data\AVG7 2006-10-19 20:40 -------- d-------- C:\Program Files\Grisoft 2006-10-19 19:33 -------- d-------- C:\Program Files\LimeWire 2006-10-19 19:32 -------- d-------- C:\Program Files\Java 2006-10-19 14:24 -------- d-------- C:\Program Files\Mplayer 2006-10-19 14:23 -------- d-------- C:\Program Files\Quake III Arena 2006-10-19 14:15 -------- d-------- C:\Documents and Settings\Sara\Application Data\uTorrent 2006-10-19 14:00 -------- d-------- C:\Program Files\DAEMON Tools 2006-10-19 11:47 -------- d-------- C:\Program Files\Winamp 2006-10-19 11:47 -------- d-------- C:\Documents and Settings\Sara\Application Data\Sun 2006-10-18 13:22 -------- d-------- C:\Program Files\BearShare 2006-10-15 21:32 -------- d-------- C:\Program Files\uTorrent 2006-10-11 20:17 -------- d-------- C:\Documents and Settings\Sara\Application Data\EPSON 2006-10-05 14:08 -------- d-------- C:\Documents and Settings\Sara\Application Data\Winamp 2006-10-04 20:27 -------- d-------- C:\Program Files\QuickTime 2006-10-03 19:30 -------- d-------- C:\Program Files\Teach2000 2006-09-27 18:45 -------- d-------- C:\Program Files\Guitar Pro 5 2006-09-25 19:05 -------- d-------- C:\Program Files\MSN Messenger 2006-09-24 21:45 -------- d-------- C:\Program Files\Malmberg 2006-09-24 21:45 -------- d-------- C:\Program Files\Common Files\YDP 2006-09-22 20:52 -------- d-------- C:\Documents and Settings\Sara\Application Data\AdobeUM 2006-09-19 11:03 -------- d-------- C:\Documents and Settings\Sara\Application Data\Creative 2006-09-18 20:16 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-09-18 20:16 -------- d-------- C:\Program Files\Creative 2006-09-18 19:36 -------- d-------- C:\Documents and Settings\Sara\Application Data\ArcSoft 2006-09-18 19:35 -------- d-------- C:\Program Files\EPSON 2006-09-18 19:34 -------- d-------- C:\Program Files\Common Files\Python 2006-09-18 19:34 -------- d-------- C:\Program Files\ArcSoft 2006-09-18 19:31 -------- d-------- C:\Program Files\Common Files\EPSON 2006-09-18 08:38 -------- d-------- C:\Program Files\Windows Media Player 2006-09-17 20:24 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2006-09-17 18:14 -------- d---s---- C:\Documents and Settings\Sara\Application Data\Microsoft 2006-09-16 18:00 -------- d-------- C:\Program Files\MessengerPlus! 3 2006-09-16 17:00 -------- d-------- C:\Documents and Settings\Sara\Application Data\Google 2006-09-16 16:55 -------- d-------- C:\Program Files\Google 2006-09-16 16:55 -------- d-------- C:\Program Files\Common Files\InstallShield 2006-09-16 16:48 -------- d-------- C:\Documents and Settings\Sara\Application Data\Macromedia 2006-09-15 18:17 -------- d-------- C:\Program Files\Common Files\Java 2006-09-15 16:01 -------- d-------- C:\Program Files\MyGlobalSearch 2006-09-13 21:40 -------- d-------- C:\Program Files\TagScanner 2006-09-13 19:52 -------- d-------- C:\Program Files\Realtek 2006-09-13 19:13 -------- d-------- C:\Program Files\WinRAR 2006-09-13 07:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-09-12 16:14 44 --a------ C:\WINDOWS\system32\msssc.dll 2006-09-12 16:14 -------- d-------- C:\Program Files\Analog Devices 2006-09-12 15:55 -------- d-------- C:\Program Files\OfficeUpdate11 2006-09-12 12:27 -------- d-------- C:\Documents and Settings\Sara\Application Data\Adobe 2006-09-12 09:53 -------- d-------- C:\Program Files\Common Files\Ahead 2006-09-12 09:53 -------- d-------- C:\Program Files\Ahead 2006-09-12 09:47 -------- d-------- C:\Program Files\CyberLink 2006-09-12 09:42 -------- d-------- C:\Program Files\Internet Explorer 2006-09-12 09:16 -------- d-------- C:\Program Files\Common Files\Cisco Systems 2006-09-12 09:14 -------- d-------- C:\Program Files\Common Files\Adobe 2006-09-12 09:13 -------- d-------- C:\Program Files\Adobe 2006-09-12 03:03 -------- d-------- C:\Program Files\Messenger 2006-09-12 03:00 -------- d-------- C:\Program Files\Outlook Express 2006-09-12 03:00 -------- d-------- C:\Program Files\Common Files\System 2006-09-12 01:03 62 --ahs---- C:\Documents and Settings\Sara\Application Data\desktop.ini 2006-09-12 01:03 -------- d-------- C:\Program Files\Common Files\SpeechEngines 2006-09-12 01:03 -------- d-------- C:\Program Files\Common Files\ODBC 2006-09-11 23:35 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-09-11 23:34 -------- d-------- C:\Program Files\Microsoft.NET 2006-09-11 23:32 -------- d-------- C:\Program Files\Microsoft Office 2006-09-11 23:32 -------- d-------- C:\Program Files\Common Files\DESIGNER 2006-09-11 23:31 -------- d-------- C:\Program Files\Microsoft Works 2006-09-11 23:31 -------- d-------- C:\Program Files\Microsoft Visual Studio 2006-09-11 23:18 -------- d-------- C:\Documents and Settings\Sara\Application Data\Identities 2006-09-11 23:17 -------- d--h----- C:\Program Files\Uninstall Information 2006-09-11 23:12 -------- d-------- C:\Program Files\xerox 2006-09-11 23:12 -------- d-------- C:\Program Files\microsoft frontpage 2006-09-11 23:11 0 -rahs---- C:\MSDOS.SYS 2006-09-11 23:11 0 -rahs---- C:\IO.SYS 2006-09-11 23:11 0 --a------ C:\CONFIG.SYS 2006-09-11 23:11 0 --a------ C:\AUTOEXEC.BAT 2006-09-11 23:10 -------- d--h----- C:\Program Files\WindowsUpdate 2006-09-11 23:10 -------- d-------- C:\Program Files\Online Services 2006-09-11 23:09 -------- d-------- C:\Program Files\NetMeeting 2006-09-11 23:09 -------- d-------- C:\Program Files\Movie Maker 2006-09-11 23:09 -------- d-------- C:\Program Files\Common Files\Services 2006-09-11 23:09 -------- d-------- C:\Program Files\Common Files\MSSoap 2006-09-11 23:08 -------- d-------- C:\Program Files\ComPlus Applications 2006-09-11 23:07 -------- d-------- C:\Program Files\Windows NT 2006-09-11 23:07 -------- d-------- C:\Program Files\MSN Gaming Zone 2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll 2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll 2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll 2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll 2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll 2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll 2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll 2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll 2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll 2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll 2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll 2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll 2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll 2006-08-11 21:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll 2006-08-11 21:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll 2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll 2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll 2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll 2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll 2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll 2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll 2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll 2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll 2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll 2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll 2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll 2006-08-11 21:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll 2006-08-11 21:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll 2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll 2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll 2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll 2006-08-11 21:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll 2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe 2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll 2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll 2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe 2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll 2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll 2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe 2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll 2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll 2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll 2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll 2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll 2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll 2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll 2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll 2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll 2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll 2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll 2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll 2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll 2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll 2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll 2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll 2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll 2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll 2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll 2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll 2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll 2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll 2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll 2006-08-11 21:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll 2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll 2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll 2006-08-11 21:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll 2006-08-11 21:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll 2006-08-11 21:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll 2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll 2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll 2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll 2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll 2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll 2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll 2006-08-11 21:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll 2006-08-11 21:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll 2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll 2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll 2006-08-11 21:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll 2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll 2006-08-11 21:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll 2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe 2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll 2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2006-08-11 21:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll 2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll 2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll 2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll 2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll 2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll 2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll 2006-08-11 21:42 208896 --a------ C:\WINDOWS\system32\nvudisp.exe 2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe 2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CT Startup] "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "WINDVDPatch"="CTHELPER.EXE" "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\"" "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run" "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\"" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Mijn huidige introductiepagina" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,0 0,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,f f,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,0 0,d2,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\e xplorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\e xplorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ explorer] @="" "NoDriveTypeAutoRun"=hex:5f,00,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ explorer\run] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies \explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserv iceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Completion time: 06-10-22 15:36:19.46 C:\ComboFix.txt ... 06-10-22 15:36 Logfile of HijackThis v1.99.1 Scan saved at 15:40:34, on 22-10-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Realtek\Rtl8180\RtlWake.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\Sara\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\RtlWake.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe |
![]() |
|
Om te beginnen, M0ss0l
Zet het programma van HJT in een eigen mapje, dus maak een nieuwe map aan op je C schijf en noem het bv. C:HJT en unzip het programma dan daar naar toe en werk dan vanuit die map. Verder Print onderstaande even af. Sluit alle open vensters van internet explorer. Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig DeluxeCommunications. Indien deze er niet tussen staat ga je naar Start - uitvoeren en tik je dit commando in: "%ProgramFiles%\DeluxeCommunications\Dxc.exe" /u Druk daarna op OK. Het deïnstallatieprocess van DeluxeCommunications zal starten. In een venster dat opent wordt je gevraagd een securitycode in te voeren om deïnstallatieprocess verder te zetten. Typ de securitycode in en klik op OK. In het nieuwe venster dat verschijnt klik je op Yes om ermee akkoord te gaan dat alle browservensters gesloten worden om het deïnstallatieprocess te voltooien. Wanneer gevraagd wordt om de computer te herstarten, sta je dit toe: klik op Ja. Wanneer de computer herstart is, download je deze regfile: FixDXC.reg Plaats FixDXC.reg op je bureaublad, dubbelklik erop, en laat de wijzigingen aan het register toevoegen. Start de verkenner en zoek naar onderstaande mappen en verwijder die (indien nog aanwezig) C:\Documents and Settings\Jan\Application Data\Dxcknwrd.dll C:\WINDOWS\system32\bkd.exe C:\Program Files\DeluxeCommunications\ Start opnieuw op en doe weer een combofix als eerder beschreven en weer een HJT logje ter controle aub. Dan kan ik kijken of alles weg is. Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
||
Citaat:
http://www.hijackthis.nl/forum/viewtopic.php?t=5224 volgens mij gaat t de goede kant op
__________________
Lampaan.
|
![]() |
||
Citaat:
__________________
Lampaan.
|
![]() |
||
Citaat:
(veilige modus, tijdens opstarten op F8 getapt drukken)
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
|
Halo, im back
![]() Kun je deze ff controleren, kwil m toch clean. Hijackthis na 14 dagen herinstallatie ![]() Logfile of HijackThis v1.99.1 Scan saved at 18:05:59, on 26/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\windows\system32\rlvknlg.exe C:\Program Files\Arcade\PCMService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\acer\eRecovery\Monitor.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\Simon\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
__________________
Lang , mijn systeembeheerder | www.google.be | Aspire 3020
|
![]() |
||
Citaat:
![]() Ook kan je op google zoeken op trojan horse removal of zo, wees hier wel voorzichtig mee want sommige programma's zijn niet bepaald goed voor je computer dus zorg ervoor dat je het vertrouwt.
__________________
Als je iets niet ziet, wil dat niet zeggen dat het er niet is...
Laatst gewijzigd op 27-10-2006 om 14:18. |
![]() |
||
Citaat:
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
|
![]() |
||
Citaat:
Ennuh de inhoud van program files\neddotnet dumpen En proces rlvknlg.exe stoppen en deze uit je windows\system32 map gooien
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
|
![]() |
||
Citaat:
__________________
Scatterheart heeft chronisch fernwee.
|
![]() |
||
Citaat:
![]()
__________________
Scatterheart heeft chronisch fernwee.
|
![]() |
||
Citaat:
![]()
__________________
Als je iets niet ziet, wil dat niet zeggen dat het er niet is...
|
![]() |
|||
Citaat:
Citaat:
Dus post hier ff een logje dat je maakt met hijackthis, zodat wij je kunnen zeggen wat je moet verwijderen.
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
|
![]() |
||
Citaat:
Ik zou toch proberen om het zaakje opgelost te krijgen door de Uninstall van NewDotNet te gebruiken want NewDotNet gooit een hele hoop registersleutels die belangrijk zijn voor uw internetverbinding overhoop. Heb al dikwijls gezien als NewDotNet word verwijderd manueel dat nadien geen verbinding meer mogelijk is met het internet. De uninstall tool herstelt deze registersleutels, een ander mogelijkheid is een Anti-Spyware programma het zaakje laten opkuisen en dan nadien de WinSockFix gebruiken : http://users.pandora.be/DeLorean/Dow...WinsockFix.exe Handleiding voor deze WinSockfix : Na downloaden Winsockfix.exe aanklikken en "Reg backup" klikken, je huidig register word nu opgeslaan in de map "ERDNT" Daarna klik je "Fix" de Winsockfix Utility doet dan het volgende: 1) Controleert je Windows versie 2) Releast uw IP-adress zodat je Offline bent 3) Reset de TCP stack door Netsh.exe te gebruiken (Windows XP alleen) 4) Verwijderd de huidige TCP en Winsock waardes in het register 5) Nieuwe "werkende" waardes worden in de plaats gezet 6) Uw huidig Host bestand word gebackupt 7) Er word een standaard Host bestand geplaatst Cool Computer herstart. Ps: Deze fix mag je ook aanraden als mensen klagen over "Kan pagina niet weergeven..." terwijl ze toch een geldig IP-adress toegekent krijgen. pps. Als je NewDotNet verwijderd via Software, dan word de Uninstall van NewDotNet gebruikt, deze bevind zich in C:\Windows\ Als je eerst programma's gaat gebruiken zoals Spybot, Ad-Aware, Ewido enz enz, die verwijderen die uninstall en gooien alles van NewDotNet weg, maar de beschadigde register-sleutels welke betrekking hebben op uw internetverbinding, die blijven beschadigt achter. Daarom die WinSockfix altijd gebruiken als Anti-spyware programma's eerst gebruikt geweest zijn, de Uninstall van NewDotNet doet ongeveer hetzelfde als de WinSockfix.
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
|
Hier HijackTHis
Logfile of HijackThis v1.99.1 Scan saved at 14:19:28, on 28/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\windows\system32\rlvknlg.exe C:\Program Files\Arcade\PCMService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\acer\eRecovery\Monitor.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\DOCUME~1\Simon\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
__________________
Lang , mijn systeembeheerder | www.google.be | Aspire 3020
|
![]() |
|
Ik heb geprobeerd dat 04 bestandje ...-boot te verwijderen via manuele manier maar HijackThis gaf dit telkens terug dan maar Fix Scan gedaan en dan kreeg ik dit :
Logfile of HijackThis v1.99.1 Scan saved at 14:30:17, on 28/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Arcade\PCMService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\acer\eRecovery\Monitor.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\Simon\LOCALS~1\Temp\Tijdelijke map 5 voor hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
__________________
Lang , mijn systeembeheerder | www.google.be | Aspire 3020
|
![]() |
|
C:\DOCUME~1\Simon\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
Het programma van HJT dient uit een vaste map gedraaid te worden Simon, dus maak een nieuwe map aan op je C schijf bv. C:\HJT en unzip het programma daar naar toe en werk dan vanuit die map, alleen dan kan het netjes backups maken. Start opnieuw op in veilige modus, http://users.telenet.be/marcvn/spyware/1378056.htm Start HJT opnieuw en doe een systemscan only vink onderstaande regel aan sluit alle vensters behalve HJT en klik op fix checked. O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe –boot start je verkenner en verwijder onderstaand dikgedrukt bestandje. C:\windows\system32\rlvknlg.exe Mag ik een nieuw HJT logje aub. Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP |
![]() |
|
Mensen heb alles all geprobeert trend micro huis call 2 verschillende viruscanners op de computer en spybot maar ze zitten er nog steeds snotverdepotver....
nou hies is mijn hackthis log ik hoop dat jullie me kunnen helpen Logfile of HijackThis v1.99.1 Scan saved at 9:22:01, on 1-11-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\arservice.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\sxserv101.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\ARPWRMSG.EXE C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\PROGRA~1\MESSEN~1\Msmsgs.exe C:\windows\system32\ngpw36.exe C:\DOCUME~1\NICKDA~1\MIJNDO~1\RACLE~1\regsvr32.exe C:\Documents and Settings\Nick da Costa\Application Data\S?mantec\?hkntfs.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier. exe C:\Program Files\HP\Digital Imaging\bin\Data\resources\hpqtra08.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\Data\resources\st121g.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\NICKDA~1\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: (no name) - {54AFBF6D-08A2-2601-82BC-25A7785CE695} - C:\WINDOWS\system32\pdo.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {54AFBF6D-08A2-2601-82BC-25A7785CE695} - C:\WINDOWS\system32\pdo.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - C:\WINDOWS\system32\ngsh33.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\g4832734.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\fontextc.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Aapp] C:\windows\system32\adprot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe O4 - HKCU\..\Run: [Oiud] "C:\DOCUME~1\NICKDA~1\MIJNDO~1\RACLE~1\regsvr32.exe" -vt tzt O4 - HKCU\..\Run: [Bfx] C:\Documents and Settings\Nick da Costa\Application Data\S?mantec\?hkntfs.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier. exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\Data\resources\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\Data\resources\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\Data\resources\OSA.EXE O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\Data\resources\st121g.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://deaapuitdemouw.spaces.msn.com...d/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157996733703 O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0BC7B357-60E8-4EC5-B3D0-7F62CEA78E2D}: NameServer = 10.0.0.138 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe alvast bedankt ![]() ![]()
__________________
All Hail to the Ale!
|
![]() |
|
** Freyk's kladje **
C:\WINDOWS\system32\sxserv101.exe C:\windows\system32\ngpw36.exe C:\DOCUME~1\NICKDA~1\MIJNDO~1\RACLE~1\regsvr32.exe C:\Documents and Settings\Nick da Costa\Application Data\S?mantec\?hkntfs.exe O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - C:\WINDOWS\system32\ngsh33.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\g4832734.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\fontextc.dll O4 - HKLM\..\Run: [Aapp] C:\windows\system32\adprot O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe O4 - HKCU\..\Run: [Oiud] "C:\DOCUME~1\NICKDA~1\MIJNDO~1\RACLE~1\regsvr32.exe" -vt tzt O4 - HKCU\..\Run: [Bfx] C:\Documents and Settings\Nick da Costa\Application Data\S?mantec\?hkntfs.exe O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe ( adprot.exe ngpw36.exe) -> adware.adblaster (fontextc.dll) -> Troj/CWSMeup-E
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
Laatst gewijzigd op 02-11-2006 om 07:14. |
![]() |
|
Mijn HJT:
Logfile of HijackThis v1.99.1 Scan saved at 0:35:41, on 2-11-2006 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE C:\WINNT\System32\svchost.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\WatchDog\wdserver.exe C:\Program Files\F-Secure\Common\FSGK32.EXE C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\WINNT\Explorer.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINNT\System32\igfxtray.exe C:\WINNT\System32\hkcmd.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINNT\loadqm.exe C:\Program Files\WatchDog\watchdog.exe C:\WINNT\FVProtect.exe C:\WINNT\System32\BtUsrBdg.exe C:\WINNT\System32\BTSetBootKey.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINNT\System32\internat.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.1.9:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*;intranet.sgj.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\WatchDog\watchdog.exe" /login O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINNT\FVProtect.exe O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe" O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Startup.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/nl_ver32n.CAB O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/tool...binstaller.ocx O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://herma1986.spaces.msn.com//Pho...d/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13250041...p/RdxIE601.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...r/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1B2EAB35-FAF8-42A5-9185-2B2494F5D842}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1B2EAB35-FAF8-42A5-9185-2B2494F5D842}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1B2EAB35-FAF8-42A5-9185-2B2494F5D842}: NameServer = 192.168.1.1 O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: WatchDog Network Server (wdserver) - None - C:\Program Files\WatchDog\wdserver.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) Wat te doen?
__________________
Veramerikanisering alom!
|
Advertentie |
|
![]() |
Topictools | Zoek in deze topic |
|
|
![]() |
||||
Forum | Topic | Reacties | Laatste bericht | |
Software & Hardware |
Centraal spyware, adware & virussen topic [5] M@rco | 499 | 26-03-2008 13:10 |