Vraag & Antwoord

Beveiliging & privacy

[HJT] Logje

8 antwoorden
  • Vriend van me heeft een probleem: zolang hij een internetverbinding heeft, blijft IEXPLORE.exe zich oneindig lang openen. Gevolg is natuurlijk dat IE crasht en steeds vraagt een foutenrapport te sturen en ook komt er een Runtime Error schermpje in beeld. Soms popt er ook een stop-error op, maar ik kan me de code niet meer herinneren. Diverse anti-spywareprogramma's gedraaid(o.a. Ad-Aware, Spybot S&D, AVG Anti-Spyware en Windows Defender). Verscheidene dingen gevonden, maar probleem niet oplost. Laatste redmiddel leek me een HJT-logje maken, ik zie niks vreemds, maar wellicht kunnen jullie iets vinden? [list:d7a72259d4]Logfile of HijackThis v1.99.1 Scan saved at 16:31:27, on 2-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsex.dll O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - C:\WINDOWS\system32\admparsex.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00405} - C:\WINDOWS\system32\fontexte.dll O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - C:\WINDOWS\system32\admparsez.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: h618 - C:\WINDOWS\g28351796.dll (file missing) O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing) O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Sophos AutoUpdate Service - Unknown owner - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing) [/list:u:d7a72259d4] Bij voorbaat dank!
  • ff kijken
  • Als eerste, uninstal hitmanpro want die zit de fix zo in de weg. Start HJT opnieuw en doe een systemscan only vink onderstaande regels aan sluit alle vensters behalve HJT en klik dan op fix checked. [b:c4f7ba30fb] O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsex.dll O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - C:\WINDOWS\system32\admparsex.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00405} - C:\WINDOWS\system32\fontexte.dll O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - C:\WINDOWS\system32\admparsez.dll (file missing) O20 - Winlogon Notify: h618 - C:\WINDOWS\g28351796.dll (file missing) O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)[/b:c4f7ba30fb] Download [url=http://users.telenet.be/marcvn/tools/win32delfkil.exe]win32delfkil.exe[/url]. Plaats het op je bureaublad. Sluit alle open vensters want de computer zal herstarten. Dubbelklik op win32delfkil.exe om het tooltje te starten. Na reboot opent er een kladblokbestand. Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • Ik zal morgen het nieuwe logje plaatsen, dan ga ik weer naar 'm toe. Alvast bedankt!
  • Windelf: WIN32DELFKIL LOGFILE - by Marckie version 3.117 vr 05-01-2007 12:24:10,60 running from: "C:\Documents and Settings\Stijn Mulder\Bureaublad" --- File(s) found in Windows directory --- g17560000.dll g1838390.dll g20201859.dll g21522218.dll g26555796.dll g3161171.dll g506640.dll g5558781.dll g6270171.dll fontexte.dll gc403.cnf gc404.cnf gc405.cnf gsc405.cnf --- File(s) found in system32 folder --- --- Services --- service SXServ is present! [SWSC] DeleteService SUCCESS --- Export SharedTaskScheduler key --- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z" "{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00403}"="z" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}"="z" "{25C7CE21-E543-46A9-B4B3-01B845B28A6D}"="Master Browseui" "{DDEC2387-6435-46B6-AF8C-1075F6EBF08B}"="Master Browseui" --- sharedtaskkey (1): A4F94C0C-54A7-4DB1-9AF3-B22E63D00401 --- no keys found --- sharedtaskkey (2): 259BA022-2005-45E9-A965-10EDB9C00618 --- no keys found --- sharedtaskkey (3): A4F94C0C-54A7-4DB1-9AF3-B22E63D00402 --- no keys found --- sharedtaskkey (4): A4F94C0C-54A7-4DB1-9AF3-B22E63D00403 --- no keys found --- sharedtaskkey (5): A4F94C0C-54A7-4DB1-9AF3-B22E63D00404 --- no keys found --- sharedtaskkey (6): 25C7CE21-E543-46A9-B4B3-01B845B28A6D --- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C7CE21-E543-46A9-B4B3-01B845B28A6D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25C7CE21-E543-46A9-B4B3-01B845B28A6D}\InprocServer32] @="C:\\WINDOWS\\system32\\admparsex.dll" "ThreadingModel"="Apartment" checking for file: admparsex.dll found admparsex.dll deleted! --- sharedtaskkey (7): DDEC2387-6435-46B6-AF8C-1075F6EBF08B --- no keys found --- Notify key --- --- rebooting the computer --- --- File(s) found in Windows directory --- --- File(s) found in system32 folder --- --- Services --- --- Export SharedTaskSchedulerkey --- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" --- Notify key --- Finished! Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 12:27:18, on 5-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe D:\Program Files\Eset\nod32kui.exe D:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing) O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Sophos AutoUpdate Service - Unknown owner - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • wil je deze fix ook uitvoeren aub. Download [url=http://download.bleepingcomputer.com/sUBs/combofix.exe][b:cbdfc73a5e]Combofix[/b:cbdfc73a5e][/url] naar je Bureaublad.[list:cbdfc73a5e] Dubbelklik [b:cbdfc73a5e]Combofix.exe[/b:cbdfc73a5e] Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen. Tijdens het runnen van de fix, [b:cbdfc73a5e]NIET[/b:cbdfc73a5e] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:cbdfc73a5e] Wanneer de fix voltooid is en na herstart, zal de log [b:cbdfc73a5e]combofix.txt[/b:cbdfc73a5e] openen. [i:cbdfc73a5e]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:cbdfc73a5e] NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • [b:30dd48aaa6][size=18:30dd48aaa6]Combofix:[/size:30dd48aaa6][/b:30dd48aaa6] [list:30dd48aaa6]Stijn Mulder - 07-01-05 20:50:20,64 Service Pack 2 ComboFix 06.11.27 - Running from: "C:\Program Files\Mozilla Firefox" ((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 )))))))))))))))))))))))))))))))))) 2007-01-05 16:31 90,112 --a------ C:\RegDACL.exe 2007-01-05 16:31 53,248 --a------ C:\Process.exe 2007-01-05 16:31 42,496 --a------ C:\swreg.exe 2007-01-05 16:31 40,960 --a------ C:\swsc.exe 2007-01-05 16:31 4,175 --a------ C:\SMWNCV.cmd 2007-01-05 16:31 4,096 --a------ C:\REBOOT.EXE 2007-01-05 16:31 16,384 --a------ C:\restart.exe 2007-01-05 13:05 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs 2007-01-05 13:04 <DIR> d-------- C:\WINDOWS\Internet Logs 2007-01-05 12:24 90,112 --a------ C:\WINDOWS\system32\regdacl.exe 2007-01-05 12:24 53,248 --a------ C:\WINDOWS\system32\process.exe 2007-01-05 12:24 42,496 --a------ C:\WINDOWS\system32\swreg.exe 2007-01-05 12:24 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2007-01-05 12:24 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-01-05 12:24 276,358 --a------ C:\win32delfkil.exe 2007-01-05 12:24 16,384 --a------ C:\WINDOWS\system32\restart.exe 2007-01-05 12:24 <DIR> d-------- C:\WINDOWS\system32\regdacl 2007-01-05 12:24 <DIR> d-------- C:\_backupD 2007-01-05 12:23 <DIR> d-------- C:\Program Files\backups 2007-01-02 21:25 <DIR> dr-h----- C:\Documents and Settings\Stijn Mulder\Onlangs geopend 2007-01-02 16:31 218,112 --a------ C:\Program Files\HijackThis.exe 2007-01-02 16:08 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-01-02 16:08 299,392 --a------ C:\WINDOWS\system32\imon.dll 2007-01-02 16:08 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-01-02 15:33 13 --a------ C:\taskmen32.pif 2007-01-02 15:00 80,128 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys 2007-01-02 15:00 24,064 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys 2007-01-02 14:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-01-02 13:44 <DIR> d-------- C:\Documents and Settings\Stijn Mulder\Application Data\Lavasoft 2007-01-02 13:35 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys 2007-01-02 13:35 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-01-02 13:35 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-01-02 13:35 102,912 --a------ C:\WINDOWS\system32\islzma.dll 2007-01-02 13:35 <DIR> d-------- C:\Documents and Settings\Stijn Mulder\Application Data\Webroot 2007-01-02 13:35 <DIR> d-------- C:\Documents and Settings\Stijn Mulder\Application Data\PC Tools 2006-12-29 22:58 99 --a------ C:\WINDOWS\ztaskmen32.pif 2006-12-26 16:33 25 --a------ C:\WINDOWS\taskmen32.pif 2006-12-13 17:54 <DIR> d-------- C:\Program Files\Mozilla Firefox 2006-12-11 07:33 <DIR> d-------- C:\WINDOWS\Start Menu 2006-12-11 07:33 <DIR> d-------- C:\WINDOWS\Application Data (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-05 14:03 -------- d-------- C:\Documents and Settings\Stijn Mulder\Application Data\foobar2000 2007-01-05 12:27 4267 --a------ C:\Program Files\hijackthis.log 2007-01-02 15:00 -------- d-------- C:\Program Files\Common Files 2007-01-02 14:31 -------- d-------- C:\Documents and Settings\Stijn Mulder\Application Data\Google 2006-12-30 22:53 -------- d-------- C:\Program Files\Google 2006-12-30 19:21 -------- d-------- C:\Documents and Settings\Stijn Mulder\Application Data\Xfire 2006-12-22 20:00 -------- d-------- C:\Program Files\Fire Fox 2006-12-22 17:14 -------- d-------- C:\Program Files\Internet Explorer 2006-12-21 21:34 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-12-17 13:12 -------- d-------- C:\Program Files\MSN Messenger 2006-12-13 10:06 -------- d-------- C:\Documents and Settings\Stijn Mulder\Application Data\LimeWire 2006-12-13 09:31 -------- d-------- C:\Program Files\Outlook Express 2006-12-13 09:31 -------- d-------- C:\Program Files\Common Files\System 2006-12-03 19:12 -------- d-------- C:\Program Files\foobar2000 2006-12-03 14:25 -------- d---s---- C:\Documents and Settings\Stijn Mulder\Application Data\Microsoft 2006-12-02 14:27 -------- d-------- C:\Program Files\Windows Media Player 2006-12-02 14:27 -------- d-------- C:\Program Files\Windows Media Connect 2 2006-11-14 13:50 -------- d-------- C:\Program Files\Java 2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-06 18:38 -------- d-------- C:\Program Files\ESET 2006-11-02 23:35 8271872 --a------ C:\WINDOWS\system32\wmploc.dll 2006-11-02 22:53 99840 --a------ C:\WINDOWS\system32\wmpshell.dll 2006-11-02 22:52 257536 --a------ C:\WINDOWS\system32\wmerror.dll 2006-11-02 22:50 7680 --a------ C:\WINDOWS\system32\asferror.dll 2006-11-02 11:52 42496 --------- C:\WINDOWS\system32\wpdshextres.dll 2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs.dll 2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe 2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe 2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll 2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll 2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll 2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll 2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll 2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll 2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll 2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll 2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll 2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll 2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll 2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll 2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll 2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll 2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll 2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll 2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll 2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll 2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll 2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll 2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll 2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll 2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll 2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll 2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll 2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll 2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll 2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll 2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll 2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll 2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll 2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll 2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll 2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll 2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll 2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll 2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll 2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll 2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll 2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll 2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll 2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll 2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll 2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll 2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll 2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll 2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll 2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll 2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll 2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll 2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll 2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe 2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe 2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe 2006-10-13 13:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll 2006-10-13 13:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll 2006-10-13 13:41 144384 --a------ C:\WINDOWS\system32\nwprovau.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "nod32kui"="\"D:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE" "Windows Defender"="\"D:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" "Zone Labs Client"="\"d:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Mijn huidige introductiepagina" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "Spyware Doctor"="" "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "Spyware Doctor"="" "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Adobe Reader Snelle start.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup" "location"="Common Startup" "command"="D:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Snelle start" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="avgas" "hkey"="HKLM" "command"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ADeck" "hkey"="HKLM" "command"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1 " "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="daemon" "hkey"="HKLM" "command"="\"d:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" "inimapping"="0" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhdn32 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SAVService Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\MP Scheduled Scan.job Completion time: 07-01-05 20:51:47.70 C:\ComboFix.txt ... 07-01-05 20:51[/list:u:30dd48aaa6] [b:30dd48aaa6][size=18:30dd48aaa6]HijackThis[/size:30dd48aaa6][/b:30dd48aaa6] [list:30dd48aaa6]Logfile of HijackThis v1.99.1 Scan saved at 21:27:16, on 5-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe D:\Program Files\Eset\nod32kui.exe D:\Program Files\Windows Defender\MSASCui.exe D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - d:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (file missing) O23 - Service: Sophos Anti-Virus (SAVService) - Unknown owner - D:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Sophos AutoUpdate Service - Unknown owner - D:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe [/list:u:30dd48aaa6]
  • [b:13a0f32994]1. Verplaats Combofix[/b:13a0f32994] naar je Bureaublad (dit is heel belangrijk !). <<<<<<<<< Ga naar Start > Uitvoeren en kopieer en plak het volgende in het veld: [b:13a0f32994]"%userprofile%\Bureaublad\Combofix.exe" /v winhdn32 [/b:13a0f32994] Klik daarna op Enter. Dit zal de Combofix starten. Wanneer de fix voltooid is en na herstart, zal de log [b:13a0f32994]combofix.txt[/b:13a0f32994] openen. Bewaar dit logje. 2. Zet in configuratiescherm > mapoptie's een vinkje bij verborgen bestanden en mappen weergeven. Haal daarna ook het vinkje weg bij extensie's voor bekende bestandstypen verbergen. Klik vervolgens op toepassen en ok. 3. Print nu onderstaande instructies uit of kopieer ze naar een .txt bestand. Dit, omdat de rest van de fix in veilige modus is en je hier dus niet meer kan terugzoeken. 4. Start op in Veilige modus http://users.telenet.be/marcvn/spyware/1378056.htm 5. Start nu alléén HijackThis op. Klik op Scan en vink ALLEEN de onderstaande, eventueel aanwezige, regels aan. [b:13a0f32994] O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - (no file) O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - (no file) O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)[/b:13a0f32994] Sluit alle vensters! Klik vervolgens op fix checked en ok. 6. Verwijder de volgende eventueel aanwezige bestanden: C:\WINDOWS\SYSTEM32\[b:13a0f32994]winhdn32.dll[/b:13a0f32994] Start opnieuw op en plaats de logjes aub. J

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.