Vraag & Antwoord

Beveiliging & privacy

Prettige Feestdagen.....Kan iemand deze logfile ff checkke

22 antwoorden
  • Logfile of HijackThis v1.98.2 Scan saved at 23:02:21, on 25-12-2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\PROGRA~1\NORTON~3\NORTON~4\GHOSTS~2.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\ssoftsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qvxrpaszxwjxzchdg.com/lChIf5PiCIKaOdSZQkB6Metg/IkVjEhlEaXGwFPBwPaCkTPEu8fVLajiq9b0zynQ.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnnszccbyvhlcccbpifydtt.com/lChIf5PiCIIPrKjUBxLvraRaBw3ZhQVPhaRGUf3zem4.cgi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ne6.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ne6.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kwgyxfqqhmlwlugmumitby.net/73NoMXLVdNsMmy_uDayim6AAqfeyfqvio1dZOkjItIWnOCC__5aPG3HkY5yfmoiZ.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {8E876C8E-27CB-8885-6CC6-DB81A1BFD3DE} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: (no name) - {E1DDB8B6-1CB1-FCF8-5787-E3FC5AB202FF} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SiteLoad] C:\DOCUME~1\Eigenaar\APPLIC~1\bendburnhelp\BalmFrag.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{24E723C1-1606-4D88-ABA9-6A9478EB2760}: NameServer = 195.121.1.34 195.121.1.66 O17 - HKLM\System\CS1\Services\Tcpip\..\{24E723C1-1606-4D88-ABA9-6A9478EB2760}: NameServer = 195.121.1.34 195.121.1.66 Mijn Hartelijke dank Jacques van Zaalen
  • Deïnstalleer Messengerplus. Herstart de computer. Download de nieuwste versie van Hijackthis, maak een logje en post deze.
  • En plaats HiJackThis dan gelijk in een eigen map, zoals C:\HiJackThis of C:\Program Files\HiJackThis
  • [quote:ee1077f47f="Lodyx"]En plaats HiJackThis dan gelijk in een eigen map, zoals C:\HiJackThis of C:\Program Files\HiJackThis[/quote:ee1077f47f] maakt die eigen map eigenlijk nog iets uit, en maakt de directory-naamlengte nog uit. Heb hem zelf wel in een eigen map staan, maar in een directory die toch flink lange mapstructuur heeft (iets van 8 mappen). Maakt dat nog uit of niet.
  • Hijackthis staat hier in de Temp-map. Daar speel je de backups gemaakt door Hijackthis zo kwijt. Daarom Hijackthis best in een eigen map...zoals Lodyx aangeeft.
  • maar het maakt niet uit of die in D:\hijackthis ofdat hij helemaal in D:\map\map\map\map\map\map\map\hijackthis staat?
  • [quote:bfbd8beeb2="kid jansen"]maar het maakt niet uit of die in D:\hijackthis ofdat hij helemaal in D:\map\map\map\map\map\map\map\hijackthis staat?[/quote:bfbd8beeb2]Neen. Als hij maar niet in de Temp-map staat of op je buroblad. Dit is enkel voor het backup-verhaal. Je weet immers nooit of je de backups nodig hebt.
  • hallo, Van bovebstaande log, is de messenger+ verwijderd. Wil je deze nog ff checkke en wens ik je alvast een gloedvol 2005. Logfile of HijackThis v1.99.0 Scan saved at 20:54:31, on 30-12-2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\PROGRA~1\NORTON~3\NORTON~4\GHOSTS~2.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\ssoftsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qvdnhhmcfrrvgrmyjldcimzxt.net/ma48OgR3EAzEce07xMnOeLVCGQJiz2fZfJs1ALqZeTJDgLncmBfEa9uyfVXkbX5P.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qpccsrhlsfs.com/ma48OgR3EAwUKLW_UaK/D1XHrOi1aT9vqOKr1vTPKZA.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ne6.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ne6.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kwgyxfqqhmlwlugmumitby.net/73NoMXLVdNsMmy_uDayim6AAqfeyfqvio1dZOkjItIWnOCC__5aPG3HkY5yfmoiZ.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {8E876C8E-27CB-8885-6CC6-DB81A1BFD3DE} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {D5449928-BA15-8CDD-3AFF-C067656A4B12} - C:\DOCUME~1\Eigenaar\APPLIC~1\Bibitch\wma one.exe O3 - Toolbar: (no name) - {E1DDB8B6-1CB1-FCF8-5787-E3FC5AB202FF} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [lesswaywindowsect] C:\Documents and Settings\All Users\Application Data\intra for less way\Bolt New.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SiteLoad] C:\DOCUME~1\Eigenaar\APPLIC~1\BENDBU~1\BalmFrag.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{24E723C1-1606-4D88-ABA9-6A9478EB2760}: NameServer = 195.121.1.34 195.121.1.66 O17 - HKLM\System\CS1\Services\Tcpip\..\{24E723C1-1606-4D88-ABA9-6A9478EB2760}: NameServer = 195.121.1.34 195.121.1.66 O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~4\GHOSTS~2.EXE O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Cryptainer service - Unknown - ssoftsrv.exe (file missing) O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Wederom alvast bedankt Jacques van Zaalen
  • Jacques, Is dit van dezelfde computer? Met dezelfde account? Want dit ziet er niet goed uit.
  • Ja Marc is van dezelfde pc. kan je er nog iets mee? hoop van wel Gr. Jacques
  • Start HijackThis. Ga naar Config – Misc Tools. Plaats een vinkje bij: - List also Minor sections (full) - List Empty sections (complete) Klik op de knop ”Generate Startuplist log”. Er wordt een bestand aangemaakt: startuplist.txt Post even de inhoud van dit bestandje.
  • En nogmaals, zet HJT in een [i:f4feeb5809]eigen[/i:f4feeb5809] map, je hebt nu een submap van een tempmap: C:\DOCUME~1\Eigenaar\LOCALS~1\[b:f4feeb5809]Temp[/b:f4feeb5809]\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe Maak anders een 'Tijdelijke map voor hjt' op je bureaublad aan en zet HJT daarin ofzo...
  • Ha die Marc en anderen, Allereerst hartelijk dank voor jullie behulpzaamheid. De betreffende pc is niet van mij maar van een vriendin die in Brabant woont, vandaar dat ik niet direct kan reageren, want zelf woon ik in Blaricum. Ik hoop haar a.s. week te bezoeken en zal de raadgevingen van Marc opvolgen. Zodra dat gebeurd is zal ik een logje hier neerzetten. Tevens zal ik bij mijn bezoek aan haar de HJT in een aparte map zetten. Nogmaals mijn dank voor zover en ik wens jullie een prettige, sterker nog een Hele Prettige Jaarwisseling. Met vriendelijke groet, een dankbare Jacques van Zaalen
  • Ha die Marc, Hierbij de startuplist van mijn Brabantse vriendin. Ik hoop dat je ons verder kan helpen. StartupList report, 5-1-2005, 20:34:53 StartupList version: 1.52.2 Started from : C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Tijdelijke map 4 voor hijackthis.zip\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\PROGRA~1\NORTON~3\NORTON~4\GHOSTS~2.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\ssoftsrv.exe C:\WINDOWS\System32\svchost.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Shareaza\Shareaza.exe C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Tijdelijke map 4 voor hijackthis.zip\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten] hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe hpoddt01.exe.lnk = ? Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run hpsysdrv = c:\windows\system\hpsysdrv.exe IgfxTray = C:\WINDOWS\System32\igfxtray.exe HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe KBD = C:\HP\KBD\KBD.EXE StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r dla = C:\WINDOWS\system32\dla\tfswctrl.exe Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize nwiz = nwiz.exe /install PS2 = C:\WINDOWS\system32\ps2.exe ATIModeChange = Ati2mdxx.exe ATIPTA = atiptaxx.exe LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" GhostStartTrayApp = C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe AcctMgr = C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe lesswaywindowsect = C:\Documents and Settings\All Users\Application Data\intra for less way\Bolt New.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background Symantec NetDriver Monitor = C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE Microsoft Works Update Detection = c:\Program Files\Microsoft Works\WkDetect.exe SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized SiteLoad = C:\DOCUME~1\Eigenaar\APPLIC~1\BENDBU~1\BalmFrag.exe msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\ssflwbox.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Register-editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - (no file) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - (no file) - {8E876C8E-27CB-8885-6CC6-DB81A1BFD3DE} NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} (no name) - C:\DOCUME~1\Eigenaar\APPLIC~1\Bibitch\wma one.exe - {D5449928-BA15-8CDD-3AFF-C067656A4B12} -------------------------------------------------- Enumerating Task Scheduler jobs: A56D9170918E03D8.job A84C01AC918BB320.job AE97AEE291805F5A.job eenvoudige internetaanmelding.job FRU Task #Hewlett-Packard#hp psc 2170 series#1077722069.job Norton AntiVirus - Mijn computer scannen.job One Button Checkup van Norton SystemWorks.job Symantec Drmc.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [MSSecurityAdvisor Class] InProcServer32 = C:\WINDOWS\System32\mssecadv.dll CODEBASE = http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1096539721734 [{33564D57-9980-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab [Office Update Installation Engine] InProcServer32 = C:\WINDOWS\opuc.dll CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38035.3454513889 [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system) Microsoft Kernel akoestische echo-opheffing: system32\drivers\aec.sys (manual start) Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (system) Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): System32\DRIVERS\alcan5wn.sys (manual start) Alcatel Speed Touch ADSL Modem ATM Transport: System32\DRIVERS\alcaudsl.sys (manual start) Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Application Layer Gateway-service: %SystemRoot%\System32\alg.exe (manual start) Stuurprogramma voor AMD K7-processor: System32\DRIVERS\amdk7.sys (system) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) 1394 ARP-clientprotocol: System32\DRIVERS\arp1394.sys (manual start) Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start) Standaard IDE/ESDI-vasteschijfcontroller: System32\DRIVERS\atapi.sys (system) ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start) ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start) Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Closed Caption-decoder: System32\DRIVERS\CCDECODE.sys (manual start) Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart) Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start) Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart) CD-ROM Driver: System32\DRIVERS\cdrom.sys (system) Indexing-service: C:\WINDOWS\System32\cisvc.exe (manual start) ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled) COM+-systeemtoepassing: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Microsoft Kernel DRM-audiodecoder: system32\drivers\drmkaud.sys (manual start) drvmcdb: system32\drivers\drvmcdb.sys (system) drvnddm: system32\drivers\drvnddm.sys (autostart) Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+-gebeurtenissysteem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Compatibiliteit voor Snelle gebruikerswisseling: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start) Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system) GhostStartService: C:\PROGRA~1\NORTON~3\NORTON~4\GHOSTS~2.EXE (autostart) GhostPciScanner: \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys (system) Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start) Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Apparaattoegang via menselijke interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system) i81x: System32\DRIVERS\i81xnt5.sys (manual start) iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start) iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start) iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start) iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start) iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start) iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start) iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start) iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start) iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start) iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start) ialm: System32\DRIVERS\ialmnt5.sys (manual start) %imapi_ServiceDesc%: System32\DRIVERS\imapi.sys (system) COM-service voor IMAPI cd-branders: C:\WINDOWS\System32\imapi.exe (manual start) IntelIde: System32\DRIVERS\intelide.sys (system) Intel GV3-processorstuurprogramma: System32\DRIVERS\intelppm.sys (system) IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start) IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (system) IR Enumerator-service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system) Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system) Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system) WebDav-client-redirector: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start) Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start) BIOS-stuurprogramma voor Microsoft Systeembeheer: System32\DRIVERS\mssmbios.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma: system32\drivers\MSTEE.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Norton AntiVirus Auto-Protect: "C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe" (autostart) NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041230.008\NAVENG.Sys (manual start) NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041230.008\NavEx15.Sys (manual start) Microsoft TV/Video-verbinding: System32\DRIVERS\NdisIP.sys (manual start) RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start) I/O-protocol van NDIS-gebruikermodus: System32\DRIVERS\ndisuio.sys (manual start) RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS-interface: System32\DRIVERS\netbios.sys (system) NetBT: System32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Net Logon: %SystemRoot%\System32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) 1394-stuurprogramma: System32\DRIVERS\nic1394.sys (manual start) Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start) Norton Unerase Protection: C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE (autostart) NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start) Verwisselbare opslag: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv: System32\DRIVERS\nv4_mini.sys (manual start) NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart) NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) Texas Instruments OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system) Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (manual start) PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) Plug and Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start) IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart) WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start) Stuurprogramma voor processor: System32\DRIVERS\processr.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) PS2: System32\DRIVERS\PS2.sys (manual start) QoS-pakketplanner: System32\DRIVERS\psched.sys (manual start) Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start) W2K Pctel Serial Device Driver: System32\DRIVERS\ptserial.sys (manual start) PxHelp20: System32\DRIVERS\PxHelp20.sys (system) Logitech QuickCam Express(PID_0840): System32\DRIVERS\LVCD.sys (manual start) Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Verbindingsbeheer voor RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) PPPOE-RAS-stuurprogramma: System32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Helpsessiebeheer voor Extern bureaublad: C:\WINDOWS\system32\sessmgr.exe (manual start) Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter: System32\DRIVERS\RTL8139.SYS (manual start) S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) SAVRT: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT.SYS (system) SAVRTPEL: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS (system) SAVScan: C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe (autostart) ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SDdriver: \??\C:\WINDOWS\System32\Drivers\sddriver.sys (manual start) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start) Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system) Windows Firewall (WF) / Internet-verbinding delen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SiS315: System32\DRIVERS\sisgrp.sys (manual start) SiS AGP Filter: System32\DRIVERS\SISAGP.sys (system) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start) Speed Disk service: C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE (autostart) Microsoft Kernel-audiosplitsing: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) Stuurprogramma voor systeemherstelfilter: System32\DRIVERS\sr.sys (system) System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SRV: System32\DRIVERS\srv.sys (manual start) sscdbhk5: system32\drivers\sscdbhk5.sys (system) SSDP Discovery-service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) ssoftnt4: \??\C:\WINDOWS\system32\Drivers\ssoftnt4.sys (autostart) Cryptainer service: ssoftsrv.exe (autostart) ssrtln: system32\drivers\ssrtln.sys (system) Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{CFB3D3D1-C9A3-42C3-A773-529A67574C62} (manual start) SYMDNS: \??\C:\WINDOWS\System32\Drivers\SYMDNS.SYS (manual start) SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start) SYMFW: \??\C:\WINDOWS\System32\Drivers\SYMFW.SYS (manual start) SYMIDS: \??\C:\WINDOWS\System32\Drivers\SYMIDS.SYS (manual start) SYMIDSCO: \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS (manual start) SYMNDIS: \??\C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (manual start) SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start) SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart) SymWMI Service: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (autostart) Microsoft Kernel-systeemaudioapparaat: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system) Stuurprogramma voor terminal-apparaat: System32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start) tfsnboio: system32\dla\tfsnboio.sys (autostart) tfsncofs: system32\dla\tfsncofs.sys (autostart) tfsndrct: system32\dla\tfsndrct.sys (autostart) tfsndres: system32\dla\tfsndres.sys (autostart) tfsnifs: system32\dla\tfsnifs.sys (autostart) tfsnopio: system32\dla\tfsnopio.sys (autostart) tfsnpool: system32\dla\tfsnpool.sys (autostart) tfsnudf: system32\dla\tfsnudf.sys (autostart) tfsnudfa: system32\dla\tfsnudfa.sys (autostart) Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start) Universele Plug en Play-apparaathost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft generiek hoofd-USB-stuurprogramma: System32\DRIVERS\usbccgp.sys (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start) USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start) Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start) Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start) Stuurprogramma voor USB-scanner: System32\DRIVERS\usbscan.sys (manual start) Stuurprogramma voor USB-massaopslag: System32\DRIVERS\USBSTOR.SYS (manual start) Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start) Grafische VGA-adapter.: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) W2K Vmodem: System32\DRIVERS\vmodem.sys (system) W2K Vpctcom: System32\DRIVERS\vpctcom.sys (system) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) W2K Vvoice: System32\DRIVERS\vvoice.sys (system) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start) Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Serienummerservice voor draagbare media: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI-prestatieadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) World Standard Teletext-codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Automatische updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Intel(R) Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (system) Intel(R) Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 39.741 bytes Report generated in 1,016 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Ik hoor graag van je, Met vriendelijke groet, Jacques van Zaalen
  • Hallo Jacques, Download [url=http://www.bleepingcomputer.com/files/spyware/KillBox.zip]Pocket KillBox[/url] Unzip het programma naar je bureaublad. Klik op killbox.exe. Selecteer de optie “Delete on reboot”. In het veld “Full path of file to delete" Kopieer en plak je het volgende: [code:1:7a04f6323b] c:\windows\tasks\A56D9170918E03D8.job [/code:1:7a04f6323b] Klik op de knop met de rode cirkel en het witte kruis. Wanneer het programma vraagt om nu te rebooten, geef je hier GEEN toestemming voor. (klik op de knop NO) In het veld “Full path of file to delete" Kopieer en plak je het volgende: [code:1:7a04f6323b] c:\windows\tasks\A84C01AC918BB320.job [/code:1:7a04f6323b] Klik op de knop met de rode cirkel en het witte kruis. Wanneer het programma vraagt om nu te rebooten, geef je hier GEEN toestemming voor. (klik op de knop NO) In het veld “Full path of file to delete" Kopieer en plak je het volgende: [code:1:7a04f6323b] c:\windows\tasks\AE97AEE291805F5A.job [/code:1:7a04f6323b] Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. (klik op de knop YES) Na de reboot, start je Hijackthis en laat je volgende fixen: [b:7a04f6323b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qvdnhhmcfrrvgrmyjldcimzxt.net/ma48OgR3EAzEce07xMnOeLVCGQJiz2fZfJs1ALqZeTJDgLncmBfEa9uyfVXkbX5P.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qpccsrhlsfs.com/ma48OgR3EAwUKLW_UaK/D1XHrOi1aT9vqOKr1vTPKZA.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kwgyxfqqhmlwlugmumitby.net/73NoMXLVdNsMmy_uDayim6AAqfeyfqvio1dZOkjItIWnOCC__5aPG3HkY5yfmoiZ.html O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file) O2 - BHO: (no name) - {8E876C8E-27CB-8885-6CC6-DB81A1BFD3DE} - (no file) O2 - BHO: (no name) - {D5449928-BA15-8CDD-3AFF-C067656A4B12} - C:\DOCUME~1\Eigenaar\APPLIC~1\Bibitch\wma one.exe O3 - Toolbar: (no name) - {E1DDB8B6-1CB1-FCF8-5787-E3FC5AB202FF} - (no file) O4 - HKCU\..\Run: [SiteLoad] C:\DOCUME~1\Eigenaar\APPLIC~1\bendburnhelp\BalmFrag.exe O4 - HKLM\..\Run: [lesswaywindowsect] C:\Documents and Settings\All Users\Application Data\intra for less way\Bolt New.exe O23 - Service: Cryptainer service - Unknown - ssoftsrv.exe (file missing) [/b:7a04f6323b] Verwijder nadien deze mappen: C:\Documents and Settings\All Users\Application Data\intra for less way C:\DOCUME~1\Eigenaar\APPLIC~1\bendburnhelp C:\DOCUME~1\Eigenaar\APPLIC~1\Bibitch Reboot de computer en plaats een nieuwe hijackthislog. Succes. Marc
  • Ha die Marc, Bedankt voor jr reactie. Jij hebt vast wel een idee waar ik die Pocket Killbox kan downloaden. Bedankt alvast met vriendelijke groeten, Jacques
  • [quote:89fe893d0d="M@rc"].... Download [url=http://www.bleepingcomputer.com/files/spyware/KillBox.zip]Pocket KillBox[/url] .... [/quote:89fe893d0d] Klik eens op "Pocket Killbox"..... :wink:
  • Bedank Marc, Ik meld me weer zo spoedig mogelijk. Met vriendelijke groet, Jacques
  • Ha die Marc. Precies volgens jouw instructies heb ik op de bewuste pc het een en ander uitgevoerd en het resultaat vind je hieronder. Gaarne verneem ik enig commentaar van je. Logfile of HijackThis v1.99.0 Scan saved at 12:32:22, on 11-1-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\PROGRA~1\NORTON~3\NORTON~4\GHOSTS~2.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\VERITAS Software\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ne6.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ne6.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{24E723C1-1606-4D88-ABA9-6A9478EB2760}: NameServer = 195.121.1.34 195.121.1.66 O17 - HKLM\System\CS1\Services\Tcpip\..\{24E723C1-1606-4D88-ABA9-6A9478EB2760}: NameServer = 195.121.1.34 195.121.1.66 O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~4\GHOSTS~2.EXE O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Wederom alvast bedankt, Met vriendelijke groet, Jacques van Zaalen
  • Ziet er weer goed uit. Maak je Temp-map leeg: Start - Uitvoeren tik in: %TEMP%. Selecteer alle bestanden in deze map en verwijder ze. Ledig de map met tijdelijke internetbestanden: Configuratiescherm - Internetopties - tabblad Algemeen - klik bij Tijdelijke internetbestanden op Bestanden Verwijderen. Maak je Prullenbak leeg. Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in. [url=http://users.pandora.be/marcvn/spyware/1852808.htm]Systeemherstel uitschakelen[/url]. Bezoek regelmatig de [url=http://www.windowsupdate.com]Windows Update Site[/url]. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn. Installeer ook [url=http://www.javacoolsoftware.com/spywareblaster.html]SpywareBlaster[/url] en [url=http://www.javacoolsoftware.com/spywareguard.html]Spywareguard[/url]. Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren. Meer info over hoe je een nieuwe infectie kan voorkomen vind je [url=http://users.pandora.be/marcvn/spyware/1564073.htm]hier[/url].

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.