Oud 06-10-2006, 22:49
Verwijderd
Logfile of HijackThis v1.99.1
Scan saved at 23:03:16, on 6-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\stonedrv.exe
C:\Program Files\Common Files\{DCAFFC61-0710-1043-0624-05110304001f}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
D:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REGystem.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Charlotte\Yinstall.exe
O4 - HKLM\..\Run: [bwx5adde] RUNDLL32.EXE w03c1c1f.dll,n 0055add90000000a03c1c1f
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e23.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\ZOLID Multimedia\VS-TV7134RF Utilities\P3XRCtl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/downloa...t/instwact.dll
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\rdcc.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



computer van me vriendin, heeft op een link via msn geklikt (van ben jij dit op de foto??!?!!?) en sindsdien..hoe dit weg te halen? hitman pro pakt het niet..
en wat is het probleem eigenlijk?;p
Advertentie
Oud 07-10-2006, 07:31
juisterr
Avatar van juisterr
juisterr is offline
Antwoord aan reuff

Lekker handig hoor, spring je ook in het water als iemand dat tegen je zegt ?

Ok de fix, probeer die zo goed als kan uit te voeren, lukt er iets niet gewoon doorgaan.


Ga naar software in configuratiescherm en uninstall daar MSN ,



Start HJT opnieuw en vink onderstaande regels aan sluit alle vensters behalve HJT en klik op fix checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
F2 - REG ystem.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Charlotte\Yinstall.exe
O4 - HKLM\..\Run: [bwx5adde] RUNDLL32.EXE w03c1c1f.dll,n 0055add90000000a03c1c1f
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e23.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\rdcc.dll (file missing)


Verwijder via verkenner onderstaande dikgedrukte items.

D:\Documents and Settings\Charlotte\Yinstall.exe
C:\windows\system32\stonedrv.exe
C:\WINDOWS\system32\rpcc.dll


Download Dr.Web CureIt naar je Bureaublad:
  • Dubbelklik drweb-cureit.exe Klik op udate
  • Na de update verschijnt er een nieuw icoontje op je buroblad "CureIt.exe" dubbelklik het en klik op Scan, sta het toe om de express scan te starten.
  • Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt,
    klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
  • Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen.
  • Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
  • Klik daarna de groene pijl rechts om de scan te starten.
  • Klik Yes to all wanneer er gevraagd wordt om cure of move uit te voeren.
  • Wanneer de scan beëindigd is, kijk of je kunt op het icoontje naast de gevonden bestanden klikken:
  • Indien ja,klik er op en klik vervolgens op het icoontje er juist onder en selecteer Move incurable zoals je hier ziet:

    Dit verplaatst gevonden bestanden naar de "%userprofile%\DoctorWeb\quarantaine-map" indien herstel niet mogelijk is.
  • Nadat de scan gedaan is, in het menu bovenaan, klik File en kies Save report List. Bewaar het op je Bureaublad.
  • Sluit daarna Dr.Web Cureit.
  • Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
  • Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

Negeer popups over Buy of 50% korting

Download Combofix naar je Bureaublad.
  • Dubbelklik Combofix.exe
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.


Aub
Een nieuw logje van HJT en het logje van dr.web en combofix.

Succes.

Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 07-10-2006, 12:28
-SoloWolf-
Avatar van -SoloWolf-
-SoloWolf- is offline
HJT log
Citaat:
Logfile of HijackThis v1.99.1
Scan saved at 13:27, on 06-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hitman Pro\srhelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\GrabIt\GrabIt.exe
C:\DOCUME~1\FAMILI~1\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Hitman Pro\surfright.exe" "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157312328557
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata...PSUploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
DR. web
Citaat:
A0012317.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP49;Probably STPAGE.Trojan;Incurable.Moved.;
A0012330.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP49;Probably STPAGE.Trojan;Incurable.Moved.;
A0012345.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP49;Probably STPAGE.Trojan;Incurable.Moved.;
A0012356.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP49;Probably STPAGE.Trojan;Incurable.Moved.;
A0012366.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP49;Probably STPAGE.Trojan;Incurable.Moved.;
A0012376.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP49;Probably STPAGE.Trojan;Incurable.Moved.;
A0012387.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP49;Probably STPAGE.Trojan;Incurable.Moved.;
A0012484.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP50;Probably STPAGE.Trojan;Incurable.Moved.;
A0012505.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP50;Probably STPAGE.Trojan;Incurable.Moved.;
A0012515.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP50;Probably STPAGE.Trojan;Incurable.Moved.;
A0012525.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP50;Probably STPAGE.Trojan;Incurable.Moved.;
A0012534.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP50;Probably STPAGE.Trojan;Incurable.Moved.;
A0012552.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP51;Probably STPAGE.Trojan;Incurable.Moved.;
A0012572.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP51;Trojan.Popuper;Deleted.;
A0012574.dll;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP51;Probably STPAGE.Trojan;Incurable.Moved.;
A0012576.exe\data002;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP51\A0012576.exe;Probably STPAGE.Trojan;;
A0012576.exe;C:\System Volume Information\_restore{1E850D15-038C-4A46-A578-9181D98BCED0}\RP51;Archive contains infected objects;Moved.;
__________________
|| Heaven won't let me in, Hell's afraid that I take over ||
[QUOTE=Ellesdee;26151717]hahaha, je bent wel lief <3[/QUOTE]
Oud 07-10-2006, 16:27
Verwijderd
Citaat:
juisterr schreef op 07-10-2006 @ 08:31 :
Antwoord aan reuff

Lekker handig hoor, spring je ook in het water als iemand dat tegen je zegt ?

Ok de fix, probeer die zo goed als kan uit te voeren, lukt er iets niet gewoon doorgaan.


Ga naar software in configuratiescherm en uninstall daar MSN ,



Start HJT opnieuw en vink onderstaande regels aan sluit alle vensters behalve HJT en klik op fix checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
F2 - REG ystem.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Charlotte\Yinstall.exe
O4 - HKLM\..\Run: [bwx5adde] RUNDLL32.EXE w03c1c1f.dll,n 0055add90000000a03c1c1f
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e23.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\rdcc.dll (file missing)


Verwijder via verkenner onderstaande dikgedrukte items.

D:\Documents and Settings\Charlotte\Yinstall.exe
C:\windows\system32\stonedrv.exe
C:\WINDOWS\system32\rpcc.dll


Download Dr.Web CureIt naar je Bureaublad:
  • Dubbelklik drweb-cureit.exe Klik op udate
  • Na de update verschijnt er een nieuw icoontje op je buroblad "CureIt.exe" dubbelklik het en klik op Scan, sta het toe om de express scan te starten.
  • Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt,
    klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
  • Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen.
  • Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
  • Klik daarna de groene pijl rechts om de scan te starten.
  • Klik Yes to all wanneer er gevraagd wordt om cure of move uit te voeren.
  • Wanneer de scan beëindigd is, kijk of je kunt op het icoontje naast de gevonden bestanden klikken: [afbeelding]
  • Indien ja,klik er op en klik vervolgens op het icoontje er juist onder en selecteer Move incurable zoals je hier ziet:
    [afbeelding]
    Dit verplaatst gevonden bestanden naar de "%userprofile%\DoctorWeb\quarantaine-map" indien herstel niet mogelijk is.
  • Nadat de scan gedaan is, in het menu bovenaan, klik File en kies Save report List. Bewaar het op je Bureaublad.
  • Sluit daarna Dr.Web Cureit.
  • Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
  • Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

Negeer popups over Buy of 50% korting

Download Combofix naar je Bureaublad.
  • Dubbelklik Combofix.exe
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.


Aub
Een nieuw logje van HJT en het logje van dr.web en combofix.

Succes.

Juisterr
hej het was me vriendin die er op klinkte hoor
maar bedankt, ik ga het straks proberen
Oud 07-10-2006, 18:51
Verwijderd
Citaat:
Logfile of HijackThis v1.99.1
Scan saved at 19:44:14, on 7-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZOLID Multimedia\VS-TV7134RF Utilities\P3XRCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
D:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\Tijdelijke map 5 voor hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Remote Control.lnk = C:\Program Files\ZOLID Multimedia\VS-TV7134RF Utilities\P3XRCtl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/downloa...t/instwact.dll
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
combofix
Citaat:
Charlotte - 06-10-07 19:40:09,07 Service Pack 2
ComboFix 06.09.28 - Running from: "D:\Documents and Settings\Charlotte\Bureaublad"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\deskbar.exe
C:\deskbar_e21.exe
D:\Documents and Settings\Charlotte\Local Settings\Temporary Internet Files\Content.IE5\23G9WJ2N\dfndrff_e_uit[1].exe
D:\Documents and Settings\Charlotte\Local Settings\Temporary Internet Files\Content.IE5\23G9WJ2N\deskbar_e[1].exe
D:\Documents and Settings\Charlotte\Local Settings\Temporary Internet Files\Content.IE5\MNSNQJCV\MTE3NDI6ODoxNgV2[1].exe
C:\Program Files\Common Files\{DCAFFC61-0710-1043-0624-05110304001f}


((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))


2006-10-06 22:46 76,288 --a------ C:\ccreenfd.exe
2006-10-06 22:46 40,958 --a------ C:\tyeoh.exe
2006-10-06 22:46 1,465 --a------ C:\ovvpecjh.exe
2006-10-05 21:10 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-05 21:10 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-05 21:09 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
2006-10-05 21:09 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2006-10-05 21:03 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-10-05 21:03 270,336 --a------ C:\WINDOWS\system32\imon.dll
2006-10-05 20:07 1,233 --a------ C:\WINDOWS\system32\bwx5adde.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-10-07 19:41 -------- d-------- C:\Program Files\Common Files
2006-10-07 19:41 -------- d-------- C:\Program Files\Common Files
2006-10-06 22:56 -------- d-------- C:\Program Files\Windows Media Player
2006-10-06 22:56 -------- d-------- C:\Program Files\Windows Media Player
2006-10-06 22:52 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-06 22:51 -------- d-------- C:\Program Files\MSN Messenger
2006-10-06 22:51 -------- d-------- C:\Program Files\MSN Messenger
2006-10-06 16:24 -------- d-------- C:\Program Files\Hitman Pro
2006-10-06 16:24 -------- d-------- C:\Program Files\Hitman Pro
2006-10-06 16:21 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-05 21:21 -------- d-------- C:\Program Files\ESET
2006-10-05 21:21 -------- d-------- C:\Program Files\ESET
2006-10-05 21:13 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-05 21:13 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-05 21:08 -------- d-------- C:\Program Files\Webroot
2006-10-05 21:08 -------- d-------- C:\Program Files\Webroot
2006-10-05 20:38 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-05 20:38 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-05 19:07 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-05 19:07 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-29 21:57 -------- d-------- C:\Program Files\Microsoft Office
2006-08-29 21:57 -------- d-------- C:\Program Files\Microsoft Office
2006-08-29 21:57 -------- d-------- C:\Program Files\Common Files\System
2006-08-29 21:57 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-29 21:25 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-29 21:25 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-29 09:51 1339392 -ra------ C:\WINDOWS\system32\FreeImage.dll
2006-08-27 20:46 -------- d-------- C:\Program Files\Catan
2006-08-27 20:46 -------- d-------- C:\Program Files\Catan
2006-08-27 20:38 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-08-27 20:38 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-08-27 20:16 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-08-27 20:14 -------- d-------- C:\Program Files\Ahead
2006-08-27 20:14 -------- d-------- C:\Program Files\Ahead
2006-08-27 20:13 -------- d-------- C:\Program Files\Common Files\Nero
2006-08-27 20:11 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-25 14:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-25 14:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-25 14:32 -------- d-------- C:\Program Files\ZOLID Multimedia
2006-08-25 14:32 -------- d-------- C:\Program Files\ZOLID Multimedia
2006-08-22 20:24 -------- d-------- C:\Program Files\Common Files\ArcSoft
2006-08-22 20:23 -------- d-------- C:\Program Files\ArcSoft
2006-08-22 20:23 -------- d-------- C:\Program Files\ArcSoft
2006-08-22 20:20 -------- d-------- C:\Program Files\Common Files\snpstd3
2006-08-15 21:02 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-08-15 21:02 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-08-14 22:10 -------- d-------- C:\Program Files\Symantec
2006-08-14 22:10 -------- d-------- C:\Program Files\Symantec
2006-08-14 22:09 -------- d-------- C:\Program Files\SymNetDrv
2006-08-14 22:09 -------- d-------- C:\Program Files\SymNetDrv
2006-08-14 21:55 -------- d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2006-08-14 21:55 -------- d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2006-08-14 21:18 -------- d-------- C:\Program Files\Panda Software
2006-08-14 21:18 -------- d-------- C:\Program Files\Panda Software
2006-08-14 21:15 -------- d-------- C:\Program Files\Messenger
2006-08-14 21:15 -------- d-------- C:\Program Files\Messenger
2006-08-14 21:15 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-08-14 21:15 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-08-14 21:15 -------- d-------- C:\Program Files\Internet Explorer
2006-08-14 21:15 -------- d-------- C:\Program Files\Internet Explorer
2006-08-14 21:13 -------- d-------- C:\Program Files\Common Files\Panda Software


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.E XE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Ulead AutoDetector v2"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32\""
"ACTIVBOARD"="c:\\apps\\ABoard\\ABoard.exe"
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"DXM6Patch_981116"="C:\\WINDOWS\\p_981116.exe /Q:A"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Optio nalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Optio nalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Optio nalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Optio nalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,0 0,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,f f,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,0 0,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\e xplorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\e xplorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies \explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServ iceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Herinnering voor registratie 1.job
C:\WINDOWS\tasks\Herinnering voor registratie 2.job
C:\WINDOWS\tasks\Herinnering voor registratie 3.job
C:\WINDOWS\tasks\PC instellen.job

Completion time: Sat 07-10-2006 19:41:46.10
ComboFix.txt
drweb
Citaat:
c.exe D:\Documents and Settings\Charlotte Win32.HLLW.Bure Deleted.
drsmartload1135a.exe D:\Documents and Settings\Charlotte Adware.DollarRevenue Incurable.Moved.
loadadv455.exe D:\Documents and Settings\Charlotte Trojan.DownLoader.13549 Deleted.
mt-uninstaller.exe D:\Documents and Settings\Charlotte Trojan.PurityAd Incurable.Moved.
installer.exe D:\Documents and Settings\Charlotte\Local Settings\Temp Trojan.MulDrop.924 Deleted.
drsmartload1135a[1].exe D:\Documents and Settings\Charlotte\Local Settings\Temporary Internet Files\Content.IE5\23G9WJ2N Adware.DollarRevenue Incurable.Moved.
loadadv455[1].exe D:\Documents and Settings\Charlotte\Local Settings\Temporary Internet Files\Content.IE5\23G9WJ2N Trojan.DownLoader.13549 Deleted.
edyokhrbd[1].txt D:\Documents and Settings\Charlotte\Local Settings\Temporary Internet Files\Content.IE5\8D23K9AN Trojan.PWS.Snap Deleted.
speedtest2[1].dll D:\Documents and Settings\Charlotte\Local Settings\Temporary Internet Files\Content.IE5\8D23K9AN Adware.Matcash Incurable.Moved.
ljeuqaxuj[1].htm D:\Documents and Settings\Charlotte\Local Settings\Temporary Internet Files\Content.IE5\GPUBK9AV Trojan.Proxy.1052 Deleted.
GFORCE[1].exe D:\Documents and Settings\Charlotte\Local Settings\Temporary Internet Files\Content.IE5\W1Q30LMV Win32.HLLW.Bure Deleted.
photo211.pif D:\Documents and Settings\Charlotte\Mijn documenten\Mijn muziek Trojan.DownLoader.13876 Deleted.
mt-uninstaller.exe D:\Documents and Settings\Eva Trojan.PurityAd Incurable.Moved.
installer.exe D:\Documents and Settings\Eva\Local Settings\Temp Trojan.MulDrop.924 Deleted.
A0007176.exe D:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP37 Trojan.PurityAd Incurable.Moved.
A0007181.exe D:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP37 Adware.DollarRevenue Incurable.Moved.
A0007182.exe D:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP37 Trojan.DownLoader.13549 Deleted.
A0007345.exe D:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP40 Trojan.MulDrop.4192 Deleted.
A0007348.exe D:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP40 Win32.HLLW.Bure Deleted.
A0007349.exe D:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP40 Trojan.DownLoader.13549 Deleted.
A0007350.exe D:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP40 Trojan.PurityAd Incurable.Moved.
A0007351.exe D:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP40 Trojan.PurityAd Incurable.Moved.
A0007352.exe D:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP40 Trojan.MulDrop.924 Deleted.
POSTOOBE.NEC C:\DRIVERS VBS.Generic.278 Deleted.
A0007269.dll C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP39 Trojan.PWS.Snap Deleted.
A0007270.exe C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP39 Trojan.Proxy.1052 Deleted.
A0007272.exe C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP39 Trojan.PWS.Snap Deleted.
A0007274.dll C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP39 Probably DLOADER.PWS.Trojan Incurable.Moved.
A0007275.exe C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP39 Trojan.PWS.Snap Deleted.
A0007277.exe C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP39 Win32.HLLW.Bure Deleted.
A0007278.exe C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP39 Adware.DollarRevenue Incurable.Moved.
A0007279.exe C:\System Volume Information\_restore{D786E0BB-1C34-4673-BCA6-1BB91F86BD21}\RP39 Trojan.DownLoader.13549 Deleted.
TheMatrixHasYou.exe C:\WINDOWS\system32 Trojan.Proxy.899 Deleted.
Oud 08-10-2006, 12:25
juisterr
Avatar van juisterr
juisterr is offline
antwoord aan Solowolf,

Code:
Download Ccleaner
Let op niet de yahoo toolbar installeren <<<<<<<<<<<<<

update hem en doe een scan (aan de linkerkant staan icoons, eerst die met het stoffertje doen, laat hem scannen en doe daarna opschonen, twee keer opschonen)
Daaronder staat een icoon met problemen, klik die aan en doe een scan, klik op fouten reparen (indien fouten aanwezig) en maak een backupmapje op je pc.

Code:

- Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
- Klik in de linkerhelft van het venster op "Instellingen van systeemherstel".
- Zet een vinkje voor "Systeemherstel uitschakelen".
- Klik "Toepassen".
- Windows vraagt of je dat zeker weet.
- Klik "Ja".
- Klik "OK".
- Start de pc opnieuw op.
- Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
- Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?"
- Klik "Ja".
- Verwijder het vinkje voor "Systeemherstel uitschakelen".
- Klik "Toepassen".
- Klik "OK".

Draai dr.web nogmaals en plaats dat logje aub.

Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 08-10-2006, 12:29
juisterr
Avatar van juisterr
juisterr is offline
Antwoord aan reuff,

Helaas slecht nieuws, je kan het zelf ook zien in je combofixlogje.

Je ben de "gelukkige" bezitter van een rootkit

Die gaan we eerst aanpakken, (lees de nek omdraaien)

Lees onderstaande goed.

Citaat:
Rootkit driver pe386 is present. A rootkit scan is required
Je hebt een speciale rootkit binnengehaald! :?
Deze rootkit is ook onzichtbaar voor rootkitscanners, zodat we hem daarmee niet kunnen bestrijden.
Dit komt omdat de pe386 rootkit ook de rootkitscanners zelf viseert,
en zichzelf verwijdert zodra je een rootkitscanner draait, waardoor hij niet op te sporen is.
Zodra de scanner stopt, wordt de pe386 terug actief.

We gaan dus een speciale werkwijze moeten gebruiken :
Ik ga je een rootkitscanner laten downloaden, maar zodra deze de scan start, moet je de Powerknop enkele seconden indrukken om je computer uit te schakelen (gebruik dus niet de gewone manier om je PC af te sluiten, maar doe het wel met de Powerknop)

We gaan de blacklight rootkit scanner gebruiken...
Sluit alle openstaande toepassingen op je PC.
Download en sla Blacklight op op je Bureaublad.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Dubbelklik op blbeta.exe en aanvaard de agreement.
Klik vervolgens op Scan.
Zodra de scan begint (dus TIJDENS de scan).....sluit je je PC af door de Powerknop ingedrukt te houden!!!

Laat je PC terug opstarten, onderbreek een eventuele schijfkontrole niet.

Doe dan nogmaals een combofix scan en plaats opnieuw het logje aub.

Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 09-10-2006, 19:50
Verwijderd
Citaat:
juisterr schreef op 08-10-2006 @ 13:29 :
Antwoord aan reuff,

Helaas slecht nieuws, je kan het zelf ook zien in je combofixlogje.

Je ben de "gelukkige" bezitter van een rootkit

Die gaan we eerst aanpakken, (lees de nek omdraaien)

Lees onderstaande goed.


Je hebt een speciale rootkit binnengehaald! :?
Deze rootkit is ook onzichtbaar voor rootkitscanners, zodat we hem daarmee niet kunnen bestrijden.
Dit komt omdat de pe386 rootkit ook de rootkitscanners zelf viseert,
en zichzelf verwijdert zodra je een rootkitscanner draait, waardoor hij niet op te sporen is.
Zodra de scanner stopt, wordt de pe386 terug actief.

We gaan dus een speciale werkwijze moeten gebruiken :
Ik ga je een rootkitscanner laten downloaden, maar zodra deze de scan start, moet je de Powerknop enkele seconden indrukken om je computer uit te schakelen (gebruik dus niet de gewone manier om je PC af te sluiten, maar doe het wel met de Powerknop)

We gaan de blacklight rootkit scanner gebruiken...
Sluit alle openstaande toepassingen op je PC.
Download en sla Blacklight op op je Bureaublad.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Dubbelklik op blbeta.exe en aanvaard de agreement.
Klik vervolgens op Scan.
Zodra de scan begint (dus TIJDENS de scan).....sluit je je PC af door de Powerknop ingedrukt te houden!!!

Laat je PC terug opstarten, onderbreek een eventuele schijfkontrole niet.

Doe dan nogmaals een combofix scan en plaats opnieuw het logje aub.

Juisterr
cold not acquere necessary privileges (seDebugprivilege.

Oud 09-10-2006, 20:36
-SoloWolf-
Avatar van -SoloWolf-
-SoloWolf- is offline
Citaat:
juisterr schreef op 08-10-2006 @ 13:25 :
antwoord aan Solowolf,

Code:
Download Ccleaner
Let op niet de yahoo toolbar installeren <<<<<<<<<<<<<

update hem en doe een scan (aan de linkerkant staan icoons, eerst die met het stoffertje doen, laat hem scannen en doe daarna opschonen, twee keer opschonen)
Daaronder staat een icoon met problemen, klik die aan en doe een scan, klik op fouten reparen (indien fouten aanwezig) en maak een backupmapje op je pc.

Code:

- Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
- Klik in de linkerhelft van het venster op "Instellingen van systeemherstel".
- Zet een vinkje voor "Systeemherstel uitschakelen".
- Klik "Toepassen".
- Windows vraagt of je dat zeker weet.
- Klik "Ja".
- Klik "OK".
- Start de pc opnieuw op.
- Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
- Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?"
- Klik "Ja".
- Verwijder het vinkje voor "Systeemherstel uitschakelen".
- Klik "Toepassen".
- Klik "OK".

Draai dr.web nogmaals en plaats dat logje aub.

Juisterr
ik kreeg bij dr. web een lege log dus vertel maar wat ie deed. Niets, omdat er geen virussen of ietsgelijks vond
__________________
|| Heaven won't let me in, Hell's afraid that I take over ||
[QUOTE=Ellesdee;26151717]hahaha, je bent wel lief <3[/QUOTE]
Oud 10-10-2006, 18:19
juisterr
Avatar van juisterr
juisterr is offline
hee solowolf, mag ik een nieuw HJT logje van je en vertel eens of je problemen al over zijn.
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 10-10-2006, 18:20
juisterr
Avatar van juisterr
juisterr is offline
Hallo,
reuff


Download NTrights.zip: http://www10.brinkster.com/expl0iter...dumprights.htm
Plaats het op je bureaublad. Unzip het.
Open de map NTrights en dubbelklik op Debug.bat en volg de aanwijzingen op het scherm.
Herstart de computer.
Open de map NTrights, en dubbelklik nog een keer op Debug.bat.
Er wordt een logje gemaakt.
Dit logje zou het volgende moeten aangeven:
"Granting SeDebugPrivilege to Administrators ... successful"

Als dit zo is, dan start je Blacklight nog een keer.

Maar die link is waarschijnlijk down...
Dan kan je deze nog gebruiken:

http://download.bleepingcomputer.com...ug-Restore.exe
Dubbelklik SeDebug-Restore.exe om de tool te starten.
Als de tool klaar is, zal het programma vragen om de computer te herstarten.
__________________
Alles is betrekkelijk.
Proud member of ASAP

Laatst gewijzigd op 10-10-2006 om 19:49.
Oud 11-10-2006, 18:52
-SoloWolf-
Avatar van -SoloWolf-
-SoloWolf- is offline
Citaat:
juisterr schreef op 10-10-2006 @ 19:19 :
hee solowolf, mag ik een nieuw HJT logje van je en vertel eens of je problemen al over zijn.
de problemen zijn al over ja

hier overgens het HJT log
Citaat:
Logfile of HijackThis v1.99.1
Scan saved at 19:51, on 06-10-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hitman Pro\srhelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GrabIt\GrabIt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\FAMILI~1\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Hitman Pro\surfright.exe" "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "C:\Program Files\Hitman Pro\srhelper.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157312328557
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata...PSUploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
__________________
|| Heaven won't let me in, Hell's afraid that I take over ||
[QUOTE=Ellesdee;26151717]hahaha, je bent wel lief <3[/QUOTE]
Oud 11-10-2006, 21:05
juisterr
Avatar van juisterr
juisterr is offline
mooi werk wolf
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 12-10-2006, 18:19
-SoloWolf-
Avatar van -SoloWolf-
-SoloWolf- is offline
Citaat:
juisterr schreef op 11-10-2006 @ 22:05 :
mooi werk wolf
daaruit concludeer ik dat het weer goed is
__________________
|| Heaven won't let me in, Hell's afraid that I take over ||
[QUOTE=Ellesdee;26151717]hahaha, je bent wel lief <3[/QUOTE]
Oud 13-10-2006, 17:01
juisterr
Avatar van juisterr
juisterr is offline
Citaat:
-SoloWolf- schreef op 12-10-2006 @ 19:19 :
daaruit concludeer ik dat het weer goed is
afgezien van 1 ding.
C:\DOCUME~1\FAMILI~1\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe

hier kan je zien dat het programma van HJT niet in een eigen mapje staat, dat is eigenlijk wel de bedoeling want alleen daar maakt het fatsoenlijke backups.

dus ihv. maak een nieuwe map aan op je C bv. C:\HJT en UNZIP het programma daar naar toe en werk dan vanuit die map.
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 19-10-2006, 11:56
EggeD
Avatar van EggeD
EggeD is offline
Hoi, volgens mij heb ik ongeveer hetzelfde probleem als wolf laatst had, die virusburst.

Hier een logje:

Citaat:
Logfile of HijackThis v1.99.1
Scan saved at 12:53:42, on 19-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
Citaat:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VirusBurster\virusburster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier. exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\BASTIA~1\LOCALS~1\Temp\Rar$EX00.256\HijackThis.exe
Citaat:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusBurster] C:\Program Files\VirusBurster\virusburster.exe /h
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier. exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zang...3253c8576da316
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
__________________
Lampaan.
Oud 19-10-2006, 21:14
juisterr
Avatar van juisterr
juisterr is offline
Hai egged

1. Download SmitfraudFix (vanS!Ri), en pak het uit op je bureaublad.

2. Print onderstaande instrukties uit of kopieer ze naar een .txt bestand.
Dit, omdat de rest van de fix in veilige modus is en je hier dus niet meer kan terugzoeken.

3. Start op in Veilige modus

4. Open de map smitfraudfix en dubbelklik op smitfraudfix.cmd
  • * Kies optie #2 - Clean door2 te typen, en druk op "Enter" om de
    geïnfecteerde bestanden te verwijderen.

    Je zal een vraag krijgen: ""Registry cleaning - Do you want to clean the registry ?"
    * Antwoord "yes" door y te typen en druk op "Enter".
    (Als je pc daarna niet herstart, start hem dan handmatig terug op in normale modus)

    Het kan zijn dat het tooltje je pc opnieuw laat opstarten om zijn werk te kunnen afmaken.
    * Als dat niet zo is, start je pc dan handmatig opnieuw op in normale modus.
Er zal een tekstbestandje openen met de resultaten van de fix.

5. Post de inhoud van dit bestandje in je volgende antwoord,
samen met een Hijackthis-logje.
(Je kan het rapport ook vinden in c:\rapport.txt)

Ik denk niet dat je direct van de boel afbent.
Succes
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 20-10-2006, 01:08
EggeD
Avatar van EggeD
EggeD is offline
ha juisterr,

had mn probleem laatst ook gepost op hijackthis.nl, daar werd me die stap ook aangeraden en daarna nog wat dingetjes, waarvan ik er ook een of twee gedaan heb. tot nu toe ziet het er zo uit (zie hieronder), ik weet niet of dit goed of slecht niews is. de volgende stappen zouden zijn dr. web en combofix.

gaat t een beetje goed ?

bedankt als je nog kijkt !

Citaat:
Logfile of HijackThis v1.99.1
Scan saved at 2:05:13, on 20-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier. exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BASTIA~1\LOCALS~1\Temp\Rar$EX00.138\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier. exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zang...3253c8576da316
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
__________________
Lampaan.
Oud 20-10-2006, 12:02
juisterr
Avatar van juisterr
juisterr is offline
Ik ben een helper bij HJT.nl onder andere.

Citaat:
5. Post de inhoud van dit bestandje in je volgende antwoord,
waar is dat ?? mag ik die ook nog zien aub.??
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 22-10-2006, 13:20
M0ss0l
Avatar van M0ss0l
M0ss0l is offline
Logfile of HijackThis v1.99.1
Scan saved at 14:19:50, on 22-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\??mbols\m?config.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\DOCUME~1\Sara\LOCALS~1\Temp\Rar$EX00.093\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [cig0630c] RUNDLL32.EXE w0fbdf3f.dll,n 006063060000000a0fbdf3f
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Fsgxdikw] C:\WINDOWS\??mbols\m?config.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\RtlWake.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\fpp0037me.dll (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\newddi.dll
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\l4n40e5qeh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2VicnVpa2Vy\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Aldus van een computer die flink naar de kloten is. (spyware, adware, onbekende processen)
Oud 22-10-2006, 13:57
juisterr
Avatar van juisterr
juisterr is offline
Hallo
M0ss0l

Print onderstaande fix af of sla het op zodat je goed onderstaande stappen kan uitvoeren.

Start HJT opnieuw en doe een systemscan only vink onderstaande regels aan sluit alle vensters behalve die van hjt en klik op fix checked.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [cig0630c] RUNDLL32.EXE w0fbdf3f.dll,n 006063060000000a0fbdf3f
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Fsgxdikw] C:\WINDOWS\??mbols\m?config.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\fpp0037me.dll (file missing)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\newddi.dll
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\l4n40e5qeh.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2VicnVpa2Vy\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


Doe vervolgens beide onderstaande tools.


Download Alcanshorty, en plaats het op je bureaublad.

Dubbelklik op alcanshorty_nl om het te installeren.
Open daarna de map alcanshorty_nl , en dubbelklik op run.bat

De icoontjes op je Bureaublad zullen verdwijnen en daarna terug verschijnen. Dit is normaal.
Wacht op de "Completed script execution"-boodschap en klik op "OK".
Sluit BFU af door op "EXIT" te klikken.

Herstart je pc,

Download Combofix naar je Bureaublad.
  • Dubbelklik Combofix.exe
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 22-10-2006, 14:41
M0ss0l
Avatar van M0ss0l
M0ss0l is offline
Sara - 06-10-22 15:32:02,18 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Sara\Bureaublad"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{C28EAFEC-EE4D-4EB9-BF36-4F5E07B73334}]
@=""

[HKEY_CLASSES_ROOT\clsid\{C28EAFEC-EE4D-4EB9-BF36-4F5E07B73334}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{C28EAFEC-EE4D-4EB9-BF36-4F5E07B73334}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{C28EAFEC-EE4D-4EB9-BF36-4F5E07B73334}\InprocServer32]
@="C:\\WINDOWS\\system32\\mkls31.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{9EF50D66-6B78-44A4-B7B6-3C066101397A}]
@=""

[HKEY_CLASSES_ROOT\clsid\{9EF50D66-6B78-44A4-B7B6-3C066101397A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{9EF50D66-6B78-44A4-B7B6-3C066101397A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{9EF50D66-6B78-44A4-B7B6-3C066101397A}\InprocServer32]
@="C:\\WINDOWS\\system32\\wbspdmoe.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\CKEMUPIA.DLL
C:\WINDOWS\system32\fpr4039qe.dll
C:\WINDOWS\system32\mkls31.dll
C:\WINDOWS\system32\n44s0eh7eh4.dll
C:\WINDOWS\system32\wbspdmoe.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Jan\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Sara\Application Data\Dxccwrd.dll
C:\Documents and Settings\Sara\Application Data\Dxcknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\teller2.chk
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\wintsvsu.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Cowabanga
C:\Program Files\Deskbar
C:\Program Files\PrintView
C:\Program Files\Common Files\{FCB2F18D-0AEF-1043-0124-03071103001f}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET
C:\QooBox\Purity\Program Files\ICROSO~1.NET\tracert.exe
C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET\ctxad-497.0000
C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET\ctxad-497.0001
C:\QooBox\Purity\WINDOWS\MBOLS~1
C:\QooBox\Purity\WINDOWS\MBOLS~1\m?config.exe


((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))


2006-10-21 13:42 24,296 --a------ C:\WINDOWS\icont.exe
2006-10-19 20:40 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-19 20:40 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-19 20:40 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-19 20:40 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-19 20:15 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-19 19:32 131,072 --a------ C:\WINDOWS\system32\bupgjcfe.dll
2006-10-19 18:57 50,912 --a------ C:\WINDOWS\iconu.exe
2006-10-19 18:34 192 --a------ C:\Documents and Settings\Sara\ggg.bat
2006-10-19 18:34 16,384 --a------ C:\Documents and Settings\Sara\dr.exe
2006-10-19 18:34 1,259 --a------ C:\WINDOWS\system32\cig0630c.sys
2006-10-19 18:33 20,480 --a------ C:\Documents and Settings\Sara\setup9X.exe
2006-10-19 18:33 115,947 --a------ C:\Documents and Settings\Sara\install.exe
2006-10-19 14:23 305,152 --a------ C:\WINDOWS\IsUninst.exe
2006-10-19 13:58 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-12 17:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-10-11 20:13 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-05 13:35 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-05 13:35 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-05 13:35 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-05 13:35 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-05 13:35 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-24 21:45 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-09-24 21:45 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-09-24 21:45 308,224 --a------ C:\WINDOWS\IsUn0413.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-22 15:33 -------- d-------- C:\Program Files\Common Files
2006-10-22 12:07 -------- d-------- C:\Program Files\Zango
2006-10-20 21:30 -------- d-------- C:\Program Files\Call of Duty
2006-10-20 12:42 -------- d-------- C:\Documents and Settings\Sara\Application Data\AVG7
2006-10-19 20:40 -------- d-------- C:\Program Files\Grisoft
2006-10-19 19:33 -------- d-------- C:\Program Files\LimeWire
2006-10-19 19:32 -------- d-------- C:\Program Files\Java
2006-10-19 14:24 -------- d-------- C:\Program Files\Mplayer
2006-10-19 14:23 -------- d-------- C:\Program Files\Quake III Arena
2006-10-19 14:15 -------- d-------- C:\Documents and Settings\Sara\Application Data\uTorrent
2006-10-19 14:00 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-19 11:47 -------- d-------- C:\Program Files\Winamp
2006-10-19 11:47 -------- d-------- C:\Documents and Settings\Sara\Application Data\Sun
2006-10-18 13:22 -------- d-------- C:\Program Files\BearShare
2006-10-15 21:32 -------- d-------- C:\Program Files\uTorrent
2006-10-11 20:17 -------- d-------- C:\Documents and Settings\Sara\Application Data\EPSON
2006-10-05 14:08 -------- d-------- C:\Documents and Settings\Sara\Application Data\Winamp
2006-10-04 20:27 -------- d-------- C:\Program Files\QuickTime
2006-10-03 19:30 -------- d-------- C:\Program Files\Teach2000
2006-09-27 18:45 -------- d-------- C:\Program Files\Guitar Pro 5
2006-09-25 19:05 -------- d-------- C:\Program Files\MSN Messenger
2006-09-24 21:45 -------- d-------- C:\Program Files\Malmberg
2006-09-24 21:45 -------- d-------- C:\Program Files\Common Files\YDP
2006-09-22 20:52 -------- d-------- C:\Documents and Settings\Sara\Application Data\AdobeUM
2006-09-19 11:03 -------- d-------- C:\Documents and Settings\Sara\Application Data\Creative
2006-09-18 20:16 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-18 20:16 -------- d-------- C:\Program Files\Creative
2006-09-18 19:36 -------- d-------- C:\Documents and Settings\Sara\Application Data\ArcSoft
2006-09-18 19:35 -------- d-------- C:\Program Files\EPSON
2006-09-18 19:34 -------- d-------- C:\Program Files\Common Files\Python
2006-09-18 19:34 -------- d-------- C:\Program Files\ArcSoft
2006-09-18 19:31 -------- d-------- C:\Program Files\Common Files\EPSON
2006-09-18 08:38 -------- d-------- C:\Program Files\Windows Media Player
2006-09-17 20:24 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-17 18:14 -------- d---s---- C:\Documents and Settings\Sara\Application Data\Microsoft
2006-09-16 18:00 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-09-16 17:00 -------- d-------- C:\Documents and Settings\Sara\Application Data\Google
2006-09-16 16:55 -------- d-------- C:\Program Files\Google
2006-09-16 16:55 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-16 16:48 -------- d-------- C:\Documents and Settings\Sara\Application Data\Macromedia
2006-09-15 18:17 -------- d-------- C:\Program Files\Common Files\Java
2006-09-15 16:01 -------- d-------- C:\Program Files\MyGlobalSearch
2006-09-13 21:40 -------- d-------- C:\Program Files\TagScanner
2006-09-13 19:52 -------- d-------- C:\Program Files\Realtek
2006-09-13 19:13 -------- d-------- C:\Program Files\WinRAR
2006-09-13 07:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:14 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-09-12 16:14 -------- d-------- C:\Program Files\Analog Devices
2006-09-12 15:55 -------- d-------- C:\Program Files\OfficeUpdate11
2006-09-12 12:27 -------- d-------- C:\Documents and Settings\Sara\Application Data\Adobe
2006-09-12 09:53 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-12 09:53 -------- d-------- C:\Program Files\Ahead
2006-09-12 09:47 -------- d-------- C:\Program Files\CyberLink
2006-09-12 09:42 -------- d-------- C:\Program Files\Internet Explorer
2006-09-12 09:16 -------- d-------- C:\Program Files\Common Files\Cisco Systems
2006-09-12 09:14 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-12 09:13 -------- d-------- C:\Program Files\Adobe
2006-09-12 03:03 -------- d-------- C:\Program Files\Messenger
2006-09-12 03:00 -------- d-------- C:\Program Files\Outlook Express
2006-09-12 03:00 -------- d-------- C:\Program Files\Common Files\System
2006-09-12 01:03 62 --ahs---- C:\Documents and Settings\Sara\Application Data\desktop.ini
2006-09-12 01:03 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-12 01:03 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-11 23:35 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-11 23:34 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-11 23:32 -------- d-------- C:\Program Files\Microsoft Office
2006-09-11 23:32 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-11 23:31 -------- d-------- C:\Program Files\Microsoft Works
2006-09-11 23:31 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-11 23:18 -------- d-------- C:\Documents and Settings\Sara\Application Data\Identities
2006-09-11 23:17 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-11 23:12 -------- d-------- C:\Program Files\xerox
2006-09-11 23:12 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-11 23:11 0 -rahs---- C:\MSDOS.SYS
2006-09-11 23:11 0 -rahs---- C:\IO.SYS
2006-09-11 23:11 0 --a------ C:\CONFIG.SYS
2006-09-11 23:11 0 --a------ C:\AUTOEXEC.BAT
2006-09-11 23:10 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-11 23:10 -------- d-------- C:\Program Files\Online Services
2006-09-11 23:09 -------- d-------- C:\Program Files\NetMeeting
2006-09-11 23:09 -------- d-------- C:\Program Files\Movie Maker
2006-09-11 23:09 -------- d-------- C:\Program Files\Common Files\Services
2006-09-11 23:09 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-11 23:08 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-11 23:07 -------- d-------- C:\Program Files\Windows NT
2006-09-11 23:07 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-08-11 21:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-08-11 21:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-08-11 21:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-08-11 21:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-08-11 21:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-08-11 21:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-08-11 21:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-08-11 21:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-08-11 21:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CT Startup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,0 0,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,f f,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,0 0,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\e xplorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\e xplorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies \explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserv iceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-22 15:36:19.46
C:\ComboFix.txt ... 06-10-22 15:36






Logfile of HijackThis v1.99.1
Scan saved at 15:40:34, on 22-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Sara\LOCALS~1\Temp\Rar$EX00.844\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\RtlWake.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Oud 23-10-2006, 07:13
juisterr
Avatar van juisterr
juisterr is offline
Om te beginnen, M0ss0l

Zet het programma van HJT in een eigen mapje, dus maak een nieuwe map aan op je C schijf en noem het bv. C:HJT en unzip het programma dan daar naar toe en werk dan vanuit die map.

Verder

Print onderstaande even af.


Sluit alle open vensters van internet explorer.
Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig DeluxeCommunications.
Indien deze er niet tussen staat ga je naar Start - uitvoeren en tik je dit commando in:
"%ProgramFiles%\DeluxeCommunications\Dxc.exe" /u
Druk daarna op OK.
Het deïnstallatieprocess van DeluxeCommunications zal starten.
In een venster dat opent wordt je gevraagd een securitycode in te voeren om deïnstallatieprocess verder te zetten.
Typ de securitycode in en klik op OK.

In het nieuwe venster dat verschijnt klik je op Yes om ermee akkoord te gaan dat alle browservensters gesloten worden om het deïnstallatieprocess te voltooien.
Wanneer gevraagd wordt om de computer te herstarten, sta je dit toe: klik op Ja.
Wanneer de computer herstart is, download je deze regfile: FixDXC.reg

Plaats FixDXC.reg op je bureaublad, dubbelklik erop, en laat de wijzigingen aan het register toevoegen.


Start de verkenner en zoek naar onderstaande mappen en verwijder die (indien nog aanwezig)

C:\Documents and Settings\Jan\Application Data\Dxcknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\


Start opnieuw op en doe weer een combofix als eerder beschreven en weer een HJT logje ter controle aub.
Dan kan ik kijken of alles weg is.

Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 24-10-2006, 08:22
EggeD
Avatar van EggeD
EggeD is offline
Citaat:
juisterr schreef op 20-10-2006 @ 13:02 :
Ik ben een helper bij HJT.nl onder andere.



waar is dat ?? mag ik die ook nog zien aub.??
staat allemaal hier:

http://www.hijackthis.nl/forum/viewtopic.php?t=5224

volgens mij gaat t de goede kant op
__________________
Lampaan.
Oud 24-10-2006, 17:52
juisterr
Avatar van juisterr
juisterr is offline
Bedankt voor de melding eggeD , het is natuurlijk niet handig om op meerdere fora te posten want iedere helper heeft zo zijn eigen systeem van werken al proberen we altijd de zelfde volgordes aan te houden.

Dan stop ik hier met jou helpen want je bent daar in de beste handen al zeg ik het zelf.
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 24-10-2006, 21:43
M0ss0l
Avatar van M0ss0l
M0ss0l is offline
Juisterr; als ik doe wat je zegt krijg ik deze melding:

Oud 25-10-2006, 12:10
EggeD
Avatar van EggeD
EggeD is offline
Citaat:
juisterr schreef op 24-10-2006 @ 18:52 :
Bedankt voor de melding eggeD , het is natuurlijk niet handig om op meerdere fora te posten want iedere helper heeft zo zijn eigen systeem van werken al proberen we altijd de zelfde volgordes aan te houden.

Dan stop ik hier met jou helpen want je bent daar in de beste handen al zeg ik het zelf.
Ja ik weet het, sorry. Daarom toch bedankt, het lijkt opgelost.
__________________
Lampaan.
Oud 25-10-2006, 15:33
juisterr
Avatar van juisterr
juisterr is offline
Citaat:
M0ss0l schreef op 24-10-2006 @ 22:43 :
Juisterr; als ik doe wat je zegt krijg ik deze melding:

[afbeelding]
start op in veilige modus en probeer het dan nog eens.

(veilige modus, tijdens opstarten op F8 getapt drukken)
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 26-10-2006, 17:07
Ske*
Avatar van Ske*
Ske* is offline
Halo, im back na een crash en reinstallatie

Kun je deze ff controleren, kwil m toch clean. Hijackthis na 14 dagen herinstallatie

Logfile of HijackThis v1.99.1
Scan saved at 18:05:59, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\windows\system32\rlvknlg.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Simon\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
__________________
Lang , mijn systeembeheerder | www.google.be | Aspire 3020
Oud 26-10-2006, 17:32
freyk
Avatar van freyk
freyk is offline
En na 14 dagen meteen weer rotzooi gevonden:

C:\windows\system32\rlvknlg.exe
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

Offtopic:
Toch gaan overstappen naar een leuke linuxdistributie?
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.

Laatst gewijzigd op 26-10-2006 om 17:36.
Oud 26-10-2006, 20:37
Ske*
Avatar van Ske*
Ske* is offline
En hoe doe ik dat weer weg Combofix?



Offtopic, jah als ik niet verder geraak in partitioneren...
__________________
Lang , mijn systeembeheerder | www.google.be | Aspire 3020
Oud 27-10-2006, 13:02
Scatterheart
Avatar van Scatterheart
Scatterheart is offline
Fijn. Op mijn laptop heb ik een Trojan:

Win32-Qqpass-DY[trj]

Als ik op google zoek vind ik vooral Japanse en Russische sites. Hoe kan ik deze het makkelijkste laten opzouten?
__________________
Scatterheart heeft chronisch fernwee.
Oud 27-10-2006, 14:14
Elite!
Avatar van Elite!
Elite! is offline
Citaat:
Scatterheart schreef op 27-10-2006 @ 14:02 :
Fijn. Op mijn laptop heb ik een Trojan:

Win32-Qqpass-DY[trj]

Als ik op google zoek vind ik vooral Japanse en Russische sites. Hoe kan ik deze het makkelijkste laten opzouten?
Download AVG (op http://free.grisoft.com/freeweb.php/doc/2/) en instaleer het. Tot nu toe heeft hij bij mij meerdere trojaanse paarden en trojan horse downloaders verwijdert. Sccs dr mee

Ook kan je op google zoeken op trojan horse removal of zo, wees hier wel voorzichtig mee want sommige programma's zijn niet bepaald goed voor je computer dus zorg ervoor dat je het vertrouwt.
__________________
Als je iets niet ziet, wil dat niet zeggen dat het er niet is...

Laatst gewijzigd op 27-10-2006 om 14:18.
Oud 27-10-2006, 15:17
freyk
Avatar van freyk
freyk is offline
Citaat:
Scatterheart schreef op 27-10-2006 @ 14:02 :
Als ik op google zoek vind ik vooral Japanse en Russische sites. Hoe kan ik deze het makkelijkste laten opzouten?
De virusdatabase van symantec kent hem wel.
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
Oud 27-10-2006, 15:22
freyk
Avatar van freyk
freyk is offline
Citaat:
Ske* schreef op 26-10-2006 @ 21:37 :
En hoe doe ik dat weer weg Combofix?
Een beetje zoeken kan ook geen kwaad -> uitleg combofix

Ennuh de inhoud van program files\neddotnet dumpen
En proces rlvknlg.exe stoppen en deze uit je windows\system32 map gooien
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
Oud 27-10-2006, 15:29
Scatterheart
Avatar van Scatterheart
Scatterheart is offline
Citaat:
The Dosh schreef op 27-10-2006 @ 15:14 :
Download AVG (op http://free.grisoft.com/freeweb.php/doc/2/) en instaleer het. Tot nu toe heeft hij bij mij meerdere trojaanse paarden en trojan horse downloaders verwijdert. Sccs dr mee

Ook kan je op google zoeken op trojan horse removal of zo, wees hier wel voorzichtig mee want sommige programma's zijn niet bepaald goed voor je computer dus zorg ervoor dat je het vertrouwt.
Hoop dat die hem al kent, vind AVG wel fijn op zich dus ga het straks even proberen!
__________________
Scatterheart heeft chronisch fernwee.
Oud 27-10-2006, 15:29
Scatterheart
Avatar van Scatterheart
Scatterheart is offline
Citaat:
freyk schreef op 27-10-2006 @ 16:17 :
De virusdatabase van symantec kent hem wel.
Bedankt, maak me over de schade niet zo'n zorgen, ik bel niet vaak op Chinese lijnen in.
__________________
Scatterheart heeft chronisch fernwee.
Oud 27-10-2006, 16:20
Elite!
Avatar van Elite!
Elite! is offline
Citaat:
Scatterheart schreef op 27-10-2006 @ 16:29 :
Hoop dat die hem al kent, vind AVG wel fijn op zich dus ga het straks even proberen!
Laat ff weten als het gelukt is
__________________
Als je iets niet ziet, wil dat niet zeggen dat het er niet is...
Oud 27-10-2006, 17:16
freyk
Avatar van freyk
freyk is offline
Citaat:
Scatterheart schreef op 27-10-2006 @ 16:29 :
Bedankt, maak me over de schade niet zo'n zorgen
Maar het is wel verstandig om deze ff te verwijderen, want
Citaat:
"Steals information from your computer and sends the information to a predefined email address. The stolen information includes:
  • Dial-up networking telephone numbers
  • User name and passwords
  • OICQ UID number and password

Dus post hier ff een logje dat je maakt met hijackthis, zodat wij je kunnen zeggen wat je moet verwijderen.
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
Oud 27-10-2006, 17:42
juisterr
Avatar van juisterr
juisterr is offline
Citaat:
freyk schreef op 27-10-2006 @ 16:22 :
Een beetje zoeken kan ook geen kwaad -> uitleg combofix

Ennuh de inhoud van program files\neddotnet dumpen
En proces rlvknlg.exe stoppen en deze uit je windows\system32 map gooien
nog meer uitleg,


Ik zou toch proberen om het zaakje opgelost te krijgen door de Uninstall van NewDotNet te gebruiken want NewDotNet gooit een hele hoop registersleutels die belangrijk zijn voor uw internetverbinding overhoop.
Heb al dikwijls gezien als NewDotNet word verwijderd manueel dat nadien geen verbinding meer mogelijk is met het internet.
De uninstall tool herstelt deze registersleutels, een ander mogelijkheid is een Anti-Spyware programma het zaakje laten opkuisen en dan nadien de WinSockFix gebruiken :
http://users.pandora.be/DeLorean/Dow...WinsockFix.exe

Handleiding voor deze WinSockfix :

Na downloaden Winsockfix.exe aanklikken en "Reg backup" klikken,
je huidig register word nu opgeslaan in de map "ERDNT"
Daarna klik je "Fix" de Winsockfix Utility doet dan het volgende:

1) Controleert je Windows versie
2) Releast uw IP-adress zodat je Offline bent
3) Reset de TCP stack door Netsh.exe te gebruiken (Windows XP alleen)
4) Verwijderd de huidige TCP en Winsock waardes in het register
5) Nieuwe "werkende" waardes worden in de plaats gezet
6) Uw huidig Host bestand word gebackupt
7) Er word een standaard Host bestand geplaatst
Cool Computer herstart.

Ps: Deze fix mag je ook aanraden als mensen klagen over "Kan pagina niet weergeven..." terwijl ze toch een geldig IP-adress toegekent krijgen.

pps.
Als je NewDotNet verwijderd via Software, dan word de Uninstall van
NewDotNet gebruikt,
deze bevind zich in C:\Windows\
Als je eerst programma's gaat gebruiken zoals Spybot, Ad-Aware, Ewido enz
enz,
die verwijderen die uninstall en gooien alles van NewDotNet weg, maar de
beschadigde register-sleutels
welke betrekking hebben op uw internetverbinding, die blijven beschadigt
achter.
Daarom die WinSockfix altijd gebruiken als Anti-spyware programma's eerst
gebruikt geweest zijn,
de Uninstall van NewDotNet doet ongeveer hetzelfde als de WinSockfix.
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 28-10-2006, 13:07
Ske*
Avatar van Ske*
Ske* is offline
Hi, even updaten,

Ik heb de uninstall dan maar gebruikt en het verwijdert als ik nu erachter zoek, vindt ie het niet meer.

Direct nog s HijackThis
__________________
Lang , mijn systeembeheerder | www.google.be | Aspire 3020
Oud 28-10-2006, 13:10
Ske*
Avatar van Ske*
Ske* is offline
voila eerst combofix

Simon - 06-10-28 14:08:45,39 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-09-28 to 2006-10-28 ))))))))))))))))))))))))))))))))))


2006-10-25 19:44 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-20 17:30 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-10-20 17:30 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-10-20 17:30 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-10-20 17:30 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2006-10-20 17:30 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-10-20 17:30 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-10-20 17:30 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-10-20 17:30 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-10-16 19:09 315,392 --a------ C:\WINDOWS\system32\rlls.dll
2006-10-16 19:07 183,296 --a-s---- C:\WINDOWS\NDNuninstall7_22.exe
2006-10-16 19:06 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-16 19:06 1,429,504 --a------ C:\WINDOWS\system32\rlvknlg.exe
2006-10-10 21:19 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-09 07:17 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-08 22:25 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-08 22:25 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-10-08 22:25 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-08 22:25 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-08 22:25 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-08 22:25 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-08 22:25 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-08 22:25 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-10-08 22:25 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-10-08 22:25 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-10-08 21:38 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2006-10-08 21:38 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-10-08 21:38 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-10-08 21:38 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-10-08 21:38 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2006-10-08 21:38 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2006-10-08 21:38 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-10-08 21:38 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2006-10-08 21:37 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2006-10-08 21:37 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2006-10-08 21:37 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2006-10-08 21:37 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2006-10-08 21:37 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2006-10-08 21:37 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2006-10-08 21:37 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2006-10-08 21:37 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2006-10-08 21:37 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2006-10-08 21:37 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2006-10-08 21:37 458,752 --a------ C:\WINDOWS\system32\LCamCpl.dll
2006-10-08 21:37 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2006-10-08 21:37 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2006-10-08 21:37 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2006-10-08 21:37 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2006-10-08 21:37 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2006-10-08 21:37 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2006-10-08 21:37 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2006-10-08 21:37 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2006-10-08 21:37 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2006-10-08 21:37 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2006-10-08 21:37 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2006-10-08 13:27 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-08 13:27 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-08 13:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-08 13:17 245,760 --a------ C:\WINDOWS\system32\Check.exe
2006-10-08 13:17 0 -rahs---- C:\MSDOS.SYS
2006-10-08 13:17 0 -rahs---- C:\IO.SYS
2006-10-08 13:15 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2006-10-08 13:14 55,296 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-10-08 13:14 30,720 --a------ C:\WINDOWS\system32\msxml4a.dll
2006-10-08 13:14 1,374,720 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-08 13:13 147,456 --a------ C:\WINDOWS\UNINST32.EXE
2006-10-08 12:44 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-08 12:44 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-25 19:43 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-25 19:43 -------- d-------- C:\Program Files\Microsoft Works
2006-10-25 19:43 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-25 19:42 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-10-25 19:42 -------- d-------- C:\Program Files\Microsoft Office
2006-10-25 19:39 -------- d-------- C:\Documents and Settings\Simon\Application Data\Ahead
2006-10-25 19:38 -------- d-------- C:\Program Files\Nero
2006-10-25 19:38 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-21 16:26 -------- d-------- C:\Program Files\FreeMind
2006-10-17 07:20 -------- d-------- C:\Program Files\LimeWire
2006-10-16 19:06 -------- d-------- C:\Program Files\CEDP Stealer 5.0 for Messenger
2006-10-16 19:03 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-10-16 07:25 -------- d-------- C:\Program Files\SmartFTP Client 2.0
2006-10-16 07:25 -------- d-------- C:\Documents and Settings\Simon\Application Data\SmartFTP
2006-10-16 07:24 -------- d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files
2006-10-15 22:12 -------- d-------- C:\Program Files\IncrediMail
2006-10-15 14:42 -------- d-------- C:\Program Files\NeoPhoto
2006-10-15 14:42 -------- d-------- C:\Documents and Settings\Simon\Application Data\DTLink
2006-10-15 14:32 -------- d--h----- C:\Program Files\Zero G Registry
2006-10-15 14:32 -------- d-------- C:\Program Files\JAlbum
2006-10-15 14:23 -------- d-------- C:\Program Files\IrfanView
2006-10-12 22:23 -------- d-------- C:\Program Files\iTunes
2006-10-12 22:23 -------- d-------- C:\Program Files\iPod
2006-10-12 22:23 -------- d-------- C:\Documents and Settings\Simon\Application Data\Apple Computer
2006-10-12 22:22 -------- d-------- C:\Program Files\QuickTime
2006-10-11 07:44 -------- d-------- C:\Program Files\PIXresizer
2006-10-09 18:21 -------- d-------- C:\Documents and Settings\Simon\Application Data\AdobeUM
2006-10-09 17:49 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-09 17:49 -------- d-------- C:\Documents and Settings\Simon\Application Data\Adobe
2006-10-08 21:48 -------- d-------- C:\Documents and Settings\Simon\Application Data\Sun
2006-10-08 21:42 -------- d-------- C:\Program Files\Java
2006-10-08 21:41 -------- d-------- C:\Program Files\Common Files\Java
2006-10-08 21:37 -------- d-------- C:\Program Files\Logitech
2006-10-08 17:53 -------- d-------- C:\Program Files\SymNetDrv
2006-10-08 14:07 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-10-08 13:56 -------- d-------- C:\Program Files\MSN Messenger
2006-10-08 13:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-08 13:49 -------- d-------- C:\Documents and Settings\Simon\Application Data\Mozilla
2006-10-08 13:46 -------- d-------- C:\Documents and Settings\Simon\Application Data\OpenOffice.org2
2006-10-08 13:45 -------- d-------- C:\Program Files\OpenOffice.org 2.0
2006-10-08 13:27 -------- d-------- C:\Program Files\Symantec
2006-10-08 13:27 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-08 13:27 -------- d-------- C:\Documents and Settings\Simon\Application Data\Symantec
2006-10-08 13:19 1024 -r-h----- C:\WINDOWS\system32\NTIBUN4.dll
2006-10-08 13:18 6144 --a------ C:\WINDOWS\system32\drivers\NTIDrvr.sys
2006-10-08 13:18 1024 -r-h----- C:\WINDOWS\system32\NTIMPEG2.dll
2006-10-08 13:18 1024 -r-h----- C:\WINDOWS\system32\NTIMP3.dll
2006-10-08 13:18 1024 -r-h----- C:\WINDOWS\system32\NTIFCD3.dll
2006-10-08 13:18 1024 -r-h----- C:\WINDOWS\system32\NTICDMK7.dll
2006-10-08 13:17 -------- d-------- C:\Program Files\acer
2006-10-08 13:16 -------- d-------- C:\Program Files\Realtek AC97
2006-10-08 13:16 -------- d-------- C:\Documents and Settings\Simon\Application Data\Macromedia
2006-10-08 13:14 -------- d-------- C:\Program Files\Launch Manager
2006-10-08 13:14 -------- d-------- C:\Program Files\CyberLink
2006-10-08 13:14 -------- d-------- C:\Program Files\Arcade
2006-09-13 07:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"eRecoveryService"="C:\\Windows\\System32\\Check.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"RelevantKnowledge"="C:\\windows\\system32\\rlvknlg.exe -boot"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Optio nalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,0 0,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,0 0,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,0 0,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\e xplorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\e xplorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies \explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserv iceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CtrlVol"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IncMail"
"hkey"="HKCU"
"command"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchAp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotkeyApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OSDCtrl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PowerKey"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - Simon.job

Completion time: 06-10-28 14:09:28.15
C:\ComboFix.txt ... 06-10-28 14:09
__________________
Lang , mijn systeembeheerder | www.google.be | Aspire 3020
Oud 28-10-2006, 13:19
Ske*
Avatar van Ske*
Ske* is offline
Hier HijackTHis

Logfile of HijackThis v1.99.1
Scan saved at 14:19:28, on 28/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\Simon\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
__________________
Lang , mijn systeembeheerder | www.google.be | Aspire 3020
Oud 28-10-2006, 13:31
Ske*
Avatar van Ske*
Ske* is offline
Ik heb geprobeerd dat 04 bestandje ...-boot te verwijderen via manuele manier maar HijackThis gaf dit telkens terug dan maar Fix Scan gedaan en dan kreeg ik dit :

Logfile of HijackThis v1.99.1
Scan saved at 14:30:17, on 28/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Simon\LOCALS~1\Temp\Tijdelijke map 5 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
__________________
Lang , mijn systeembeheerder | www.google.be | Aspire 3020
Oud 28-10-2006, 17:01
juisterr
Avatar van juisterr
juisterr is offline
C:\DOCUME~1\Simon\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
Het programma van HJT dient uit een vaste map gedraaid te worden Simon, dus maak een nieuwe map aan op je C schijf bv. C:\HJT en unzip het programma daar naar toe en werk dan vanuit die map, alleen dan kan het netjes backups maken.


Start opnieuw op in veilige modus, http://users.telenet.be/marcvn/spyware/1378056.htm

Start HJT opnieuw en doe een systemscan only vink onderstaande regel aan sluit alle vensters behalve HJT en klik op fix checked.

O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe –boot

start je verkenner en verwijder onderstaand dikgedrukt bestandje.
C:\windows\system32\rlvknlg.exe

Mag ik een nieuw HJT logje aub.

Juisterr
__________________
Alles is betrekkelijk.
Proud member of ASAP
Oud 01-11-2006, 08:23
Blaf
Avatar van Blaf
Blaf is offline
Mensen heb alles all geprobeert trend micro huis call 2 verschillende viruscanners op de computer en spybot maar ze zitten er nog steeds snotverdepotver....

nou hies is mijn hackthis log ik hoop dat jullie me kunnen helpen

Logfile of HijackThis v1.99.1
Scan saved at 9:22:01, on 1-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sxserv101.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\windows\system32\ngpw36.exe
C:\DOCUME~1\NICKDA~1\MIJNDO~1\RACLE~1\regsvr32.exe
C:\Documents and Settings\Nick da Costa\Application Data\S?mantec\?hkntfs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier. exe
C:\Program Files\HP\Digital Imaging\bin\Data\resources\hpqtra08.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\Data\resources\st121g.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NICKDA~1\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: (no name) - {54AFBF6D-08A2-2601-82BC-25A7785CE695} - C:\WINDOWS\system32\pdo.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54AFBF6D-08A2-2601-82BC-25A7785CE695} - C:\WINDOWS\system32\pdo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - C:\WINDOWS\system32\ngsh33.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\g4832734.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\fontextc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Aapp] C:\windows\system32\adprot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe
O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe
O4 - HKCU\..\Run: [Oiud] "C:\DOCUME~1\NICKDA~1\MIJNDO~1\RACLE~1\regsvr32.exe" -vt tzt
O4 - HKCU\..\Run: [Bfx] C:\Documents and Settings\Nick da Costa\Application Data\S?mantec\?hkntfs.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier. exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\Data\resources\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\Data\resources\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\Data\resources\OSA.EXE
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\Data\resources\st121g.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://deaapuitdemouw.spaces.msn.com...d/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1157996733703
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://partyflock.nl/components/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BC7B357-60E8-4EC5-B3D0-7F62CEA78E2D}: NameServer = 10.0.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe


alvast bedankt
__________________
All Hail to the Ale!
Oud 02-11-2006, 06:53
freyk
Avatar van freyk
freyk is offline
** Freyk's kladje **

C:\WINDOWS\system32\sxserv101.exe
C:\windows\system32\ngpw36.exe
C:\DOCUME~1\NICKDA~1\MIJNDO~1\RACLE~1\regsvr32.exe
C:\Documents and Settings\Nick da Costa\Application Data\S?mantec\?hkntfs.exe

O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - C:\WINDOWS\system32\ngsh33.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\g4832734.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\fontextc.dll
O4 - HKLM\..\Run: [Aapp] C:\windows\system32\adprot
O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe
O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe
O4 - HKCU\..\Run: [Oiud] "C:\DOCUME~1\NICKDA~1\MIJNDO~1\RACLE~1\regsvr32.exe" -vt tzt
O4 - HKCU\..\Run: [Bfx] C:\Documents and Settings\Nick da Costa\Application Data\S?mantec\?hkntfs.exe
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe

( adprot.exe ngpw36.exe) -> adware.adblaster
(fontextc.dll) -> Troj/CWSMeup-E
__________________
"Typefouten zijn gratis" | "Daar is vast wel een knopje voor" | "Ik weet, want ik zoek" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.

Laatst gewijzigd op 02-11-2006 om 07:14.
Oud 02-11-2006, 15:48
Blaf
Avatar van Blaf
Blaf is offline
ik kan sommige niet verwijderen......
__________________
All Hail to the Ale!
Oud 02-11-2006, 23:40
CaptainCaveman
Avatar van CaptainCaveman
CaptainCaveman is offline
Mijn HJT:

Logfile of HijackThis v1.99.1
Scan saved at 0:35:41, on 2-11-2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\WatchDog\wdserver.exe
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINNT\Explorer.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\loadqm.exe
C:\Program Files\WatchDog\watchdog.exe
C:\WINNT\FVProtect.exe
C:\WINNT\System32\BtUsrBdg.exe
C:\WINNT\System32\BTSetBootKey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINNT\System32\internat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.1.9:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*;intranet.sgj.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\WatchDog\watchdog.exe" /login
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINNT\FVProtect.exe
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Startup.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/nl_ver32n.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/tool...binstaller.ocx
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://herma1986.spaces.msn.com//Pho...d/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13250041...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...r/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B2EAB35-FAF8-42A5-9185-2B2494F5D842}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B2EAB35-FAF8-42A5-9185-2B2494F5D842}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B2EAB35-FAF8-42A5-9185-2B2494F5D842}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WatchDog Network Server (wdserver) - None - C:\Program Files\WatchDog\wdserver.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Wat te doen?
__________________
Veramerikanisering alom!
Oud 03-11-2006, 14:34
kalinho
Avatar van kalinho
kalinho is offline
en kheb al Ad-Aware eroverheen gegooid
ok het zit zo:
in een onbewaakte middag is mijn zus achter de pc gekropen en heeft op BearShare gezocht naar een crack voor de sims II Pet's life. Met als titel: sims crack.zip
Nou, u raad het al, dat was niet de crack, maar een of ander irritant ding. Het installeerde al een paar programma's, die ik er alweer af heb gekregen.Ik heb er verder nog een TuneUp Utillities tegenaan gegooid, en een registry cleaner.
Maar nog steeds krijg ik om de 5 minuten automatisch 2 internetvenstertjes die zich openen naar een reclamesite.
Hoe krijg ik dat eruit?
__________________
Das ook lef....om een heel volk uit te moorden; en daarna plastic speelgoedpoppetjes van te maken....Hebben ze in Duitsland toch nooit echt aangedurfd
Advertentie
Topic gesloten

Topictools Zoek in deze topic
Zoek in deze topic:

Geavanceerd zoeken

Regels voor berichten
Je mag geen nieuwe topics starten
Je mag niet reageren op berichten
Je mag geen bijlagen versturen
Je mag niet je berichten bewerken

BB code is Aan
Smileys zijn Aan
[IMG]-code is Aan
HTML-code is Uit

Spring naar

Soortgelijke topics
Forum Topic Reacties Laatste bericht
Software & Hardware Centraal spyware, adware & virussen topic [5]
M@rco
499 26-03-2008 13:10


Alle tijden zijn GMT +1. Het is nu 21:02.