Vraag & Antwoord

Beveiliging & privacy

HJT logje..

7 antwoorden
  • hallo deze computer heeft erg last van spyware.. vooral van ad.firstadsolution en adopt.euroclick hier een logje van hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 22:57:53, on 20-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\Norman\Bin\Zanda.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\wdfmgr.exe C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\bin\NJEEVES.EXE C:\Norman\Nvc\BIN\nipsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\WINDOWS\system32\svchost.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\admin\Bureaublad\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [AutoBackupXe] C:\Program Files\Osirius\Outlook Backup\AutoBackupXe.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [plus obj amok for] C:\Documents and Settings\All Users\Application Data\dash download plus obj\VIEWSUPPORT.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [startthird] C:\DOCUME~1\admin\APPLIC~1\STUPID~1\camp cash.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EF05386-5948-4C84-80CE-BEB2B784D9DB}: NameServer = 192.168.1.100,192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe
  • Ik zie twee virusscanners actief, gebruik je HITMANPRO toevallig?? zo ja wil je die dan uninstallen met alle componenten en dan een nieuw HJT logje maken aub. Juisterr
  • hitman en nod32 zijn er beide af.. hier een nieuwe hjt: Logfile of HijackThis v1.99.1 Scan saved at 14:47:08, on 21-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Norman\Bin\Zanda.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Norman\bin\NJEEVES.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\BIN\nipsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\admin\Bureaublad\HijackThis.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b7ebd471f473abd9db624d2006287e7f\update\update.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [AutoBackupXe] C:\Program Files\Osirius\Outlook Backup\AutoBackupXe.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [plus obj amok for] C:\Documents and Settings\All Users\Application Data\dash download plus obj\VIEWSUPPORT.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [startthird] C:\DOCUME~1\admin\APPLIC~1\STUPID~1\camp cash.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EF05386-5948-4C84-80CE-BEB2B784D9DB}: NameServer = 192.168.1.100,192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe
  • Hmmm Download [url=http://download.bleepingcomputer.com/sUBs/combofix.exe][b:681b1a988d]Combofix[/b:681b1a988d][/url] naar je Bureaublad.[list:681b1a988d] Dubbelklik [b:681b1a988d]Combofix.exe[/b:681b1a988d] Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen. Tijdens het runnen van de fix, [b:681b1a988d]NIET[/b:681b1a988d] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:681b1a988d] Wanneer de fix voltooid is en na herstart, zal de log [b:681b1a988d]combofix.txt[/b:681b1a988d] openen. [i:681b1a988d]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:681b1a988d] NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren. Juisterr
  • ComboFix-logje: admin - 06-12-22 15:57:06,72 Service Pack 2 ComboFix 06.11.27 - Running from: "C:\Documents and Settings\admin\Bureaublad" ((((((((((((((((((((((((((((((( Files Created from 2006-11-22 to 2006-12-22 )))))))))))))))))))))))))))))))))) 2006-12-21 14:47 <DIR> d-------- C:\WINDOWS\LastGood 2006-12-20 20:09 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Lavasoft 2006-12-20 20:06 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Webroot 2006-12-20 20:06 <DIR> d-------- C:\Documents and Settings\admin\Application Data\PC Tools 2006-12-20 20:00 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy 2006-12-15 16:19 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2006-12-15 16:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2006-12-07 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2006-12-06 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dash download plus obj 2006-12-06 16:27 <DIR> d-------- C:\Program Files\STUPIDEGGSFOUR 2006-12-06 16:27 <DIR> d-------- C:\Documents and Settings\admin\Application Data\STUPIDEGGSFOUR 2006-12-06 16:26 <DIR> d-------- C:\Program Files\Messenger Plus! Live 2006-12-06 16:26 <DIR> d-------- C:\Program Files\Adverts 2006-12-06 15:57 <DIR> d-------- C:\Documents and Settings\admin\Contacts 2006-12-06 13:37 <DIR> d-------- C:\Program Files\Bas 2006-12-05 22:51 178,408 --a------ C:\WINDOWS\system32\muweb.dll 2006-12-05 22:51 128,232 --a------ C:\WINDOWS\system32\mucltui.dll 2006-12-05 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2006-12-05 21:49 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2006-12-05 21:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2006-11-30 13:49 <DIR> d-------- C:\Documents and Settings\admin\Application Data\AdobeUM 2006-11-30 13:49 <DIR> d-------- C:\Documents and Settings\admin\Application Data\AdobeAUM (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-22 03:04 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-12-21 14:32 -------- d-------- C:\Program Files\Hitman Pro 2006-12-21 14:31 -------- d-------- C:\Program Files\Webroot 2006-12-20 23:05 -------- d-------- C:\Program Files\Mozilla Firefox 2006-12-13 03:03 -------- d-------- C:\Program Files\Internet Explorer 2006-12-13 03:02 -------- d-------- C:\Program Files\Outlook Express 2006-12-13 03:02 -------- d-------- C:\Program Files\Common Files\System 2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-12-06 16:26 -------- d-------- C:\Program Files\MSN Messenger 2006-12-06 15:59 -------- d---s---- C:\Documents and Settings\admin\Application Data\Microsoft 2006-11-30 13:49 -------- d-------- C:\Documents and Settings\admin\Application Data\Adobe 2006-11-30 13:47 -------- d-------- C:\Program Files\Common Files\Adobe 2006-11-30 13:46 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-11-30 13:46 -------- d-------- C:\Program Files\Adobe 2006-11-25 18:30 -------- d-------- C:\Program Files\Mozilla Thunderbird 2006-11-18 17:03 -------- d-------- C:\Program Files\Mijn manege 2006-11-18 17:02 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2006-11-11 19:59 -------- d-------- C:\Program Files\Kruidvat Fotoboek 2006-11-10 19:30 -------- d-------- C:\Program Files\Common Files\DirectX 2006-11-10 19:30 -------- d-------- C:\Program Files\Common Files 2006-11-10 19:14 -------- d-------- C:\Program Files\EA GAMES 2006-11-10 18:48 -------- d-------- C:\Program Files\Common Files\EasyInfo 2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-06 22:57 -------- d-------- C:\Program Files\Picasa2 2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs.dll 2006-10-13 13:41 144384 --a------ C:\WINDOWS\system32\nwprovau.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "startthird"="C:\\DOCUME~1\\admin\\APPLIC~1\\STUPID~1\\camp cash.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Norman ZANDA"="C:\\Norman\\bin\\ZLH.EXE /LOAD /SPLASH" "AutoBackupXe"="C:\\Program Files\\Osirius\\Outlook Backup\\AutoBackupXe.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe" "plus obj amok for"="C:\\Documents and Settings\\All Users\\Application Data\\dash download plus obj\\VIEWSUPPORT.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Mijn huidige introductiepagina" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,96,00,00,00,00,00,00,00,6a,04,00,00,e2,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\B6C6BFE992752B3D.job Completion time: 06-12-22 16:00:42.41 C:\ComboFix.txt ... 06-12-22 16:00 hjt-logje: Logfile of HijackThis v1.99.1 Scan saved at 21:48:06, on 27-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Norman\Bin\Zanda.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Norman\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\Program Files\Osirius\Outlook Backup\AutoBackupXe.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\BIN\nipsvc.exe C:\Norman\Nvc\bin\cclaw.exe C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Messenger\msmsgs.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\ctfmon.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Program Files\Messenger\msmsgs.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Documents and Settings\admin\Bureaublad\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [AutoBackupXe] C:\Program Files\Osirius\Outlook Backup\AutoBackupXe.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [plus obj amok for] C:\Documents and Settings\All Users\Application Data\dash download plus obj\VIEWSUPPORT.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [startthird] C:\DOCUME~1\admin\APPLIC~1\STUPID~1\camp cash.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EF05386-5948-4C84-80CE-BEB2B784D9DB}: NameServer = 192.168.1.100,192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe Bedankt weer! Peter
  • Volg onderstaande stappen aub. [b:956a7fd536]Stap 1[/b:956a7fd536] Download [url=http://java.sun.com/javase/downloads/index.jsp][b:956a7fd536][color=blue:956a7fd536]Java Runtime Environment (JRE) 6.0[/color:956a7fd536][/b:956a7fd536][/url]. [list:956a7fd536][*:956a7fd536]Scroll omlaag naar : "[i:956a7fd536]The J2SE Runtime Environment (JRE) allows end-users to run Java applications[/i:956a7fd536]". [*:956a7fd536]Klik op de "[b:956a7fd536]Download[/b:956a7fd536]" knop aan de rechterkant. [*:956a7fd536]Vink aan: "[b:956a7fd536][i:956a7fd536]Accept[/b:956a7fd536] License Agreement[/i:956a7fd536]". [*:956a7fd536]De pagina zal herladen. [*:956a7fd536]Klik op de link om [i:956a7fd536]Windows [b:956a7fd536]Offline[/b:956a7fd536] Installation[/i:956a7fd536] te downloaden met Meerdere-talen, en bewaar het naar je Bureaublad. [*:956a7fd536]Sluit alle programma's die eventueel open zijn - Zeker je web browser! [*:956a7fd536]Ga dan naar [b:956a7fd536]Start[/b:956a7fd536] > [b:956a7fd536]Configuratiescherm[/b:956a7fd536] > [b:956a7fd536]Software[/b:956a7fd536] en verwijder alle oudere versies van Java uit de Softwarelijst. [*:956a7fd536]Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam. [*:956a7fd536]Klik dan op [b:956a7fd536]Verwijderen[/b:956a7fd536] of op de [b:956a7fd536]Wijzig/Verwijder[/b:956a7fd536] knop. [*:956a7fd536]Herhaal dit tot alle oudere versies verdwenen zijn. [*:956a7fd536]Na het verwijderen van alle oudere versies, [b:956a7fd536]herstart[/b:956a7fd536] je pc. [*:956a7fd536]Dubbelklik vervolgens op [b:956a7fd536]jre-6-windows-i586.exe[/b:956a7fd536] op je Bureaublad om de nieuwste versie van Java te installeren.[/list:u:956a7fd536] [b:956a7fd536]Stap 2 [/b:956a7fd536] Start HJT opnieuw en doe een systemscan only vink onderstaande regel aan sluit alle vensters behalve HJT en klik op fix checked. [b:956a7fd536]O4 - HKCU\..\Run: [startthird] C:\DOCUME~1\admin\APPLIC~1\STUPID~1\camp cash.exe[/b:956a7fd536] verwijder deze map met behulp van verkenner.(dikgedrukt) C:\DOCUME~1\admin\APPLIC~1\[b:956a7fd536]STUPID~1\camp cash.exe[/b:956a7fd536] ~ ~ jij ziet de hele naam [applicationdata] [b:956a7fd536]Stap 3[/b:956a7fd536] Open Kladblok, en kopieer en plak de vetgedrukte tekst in een leeg venster :[list:956a7fd536][list:956a7fd536][b:956a7fd536]@echo off attrib -h %windir%\tasks\*.job echo Lop Jobs deleted >logit.txt dir /B "%windir%\tasks\????????9???????.job" >>logit.txt del "%windir%\tasks\????????9???????.job" dir /B "%windir%\tasks\????????8???????.job" >>logit.txt del "%windir%\tasks\????????8???????.job" cls exit[/b:956a7fd536][/list:u:956a7fd536] Ga naar Bestand > Opslaan als, en sla het op met als naam [b:956a7fd536]fix.bat[/b:956a7fd536] op je Bureaublad, type: "alle typen", en klik op OK Sluit Kladblok, ga naar je Bureaublad en dubbelklik op [b:956a7fd536]fix.bat[/b:956a7fd536] Op je Bureaublad verschijnt een tekstbestandje (logit.txt) Post de inhoud daarvan straks hier.[/list:u:956a7fd536] Vertel eens of je problemen al over zijn, Succes Juisterr
  • Logit.txt: [code:1:1b72a94bdc]Lop Jobs deleted B6C6BFE992752B3D.job[/code:1:1b72a94bdc] nog steeds last van spyware..

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.