Combofix log!

10 replies
  • I ran ComboFix because I'm getting quite a lot of casino pop-ups and the like.
    Can anyone make sense of it?

    "Admin" - 07-01-25 9:01:40 Service Pack 2
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Admin\Bureaublad"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\INSTALL.LOG
    C:\WINDOWS\hosts
    C:\WINDOWS\secure32.html


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


    2007-01-24 09:43 <DIR> d——– C:\Program Files\Windows Live Safety Center
    2007-01-23 17:09 <DIR> dr-h—– C:\DOCUME~1\Admin\Onlangs geopend
    2007-01-23 14:00 <DIR> d——– C:\Program Files\Windows Defender
    2007-01-21 16:36 <DIR> d——– C:\Program Files\Lies City Does
    2007-01-21 16:36 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Filmplatformpartbias
    2007-01-21 16:36 <DIR> d——– C:\DOCUME~1\Admin\Application Data\Lies City Does
    2007-01-10 09:27 <DIR> d——– C:\WINDOWS\ie7updates
    2007-01-02 14:38 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Google
    2006-12-31 17:12 <DIR> d——– C:\Program Files\Shareaza
    2006-12-31 16:43 <DIR> d——– C:\Program Files\eMule


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-25 08:05 ——– d——– C:\Program Files\norton internet security
    2007-01-25 08:05 ——– d——– C:\Program Files\Common Files\symantec shared
    2007-01-15 12:23 ——– d——– C:\DOCUME~1\Admin\Application Data\adobeum
    2007-01-10 09:45 ——– d——– C:\Program Files\mirc
    2007-01-02 16:18 ——– d——– C:\Program Files\google
    2007-01-02 14:46 ——– d——– C:\DOCUME~1\Admin\Application Data\google
    2006-12-31 17:12 ——– d——– C:\DOCUME~1\Admin\Application Data\shareaza
    2006-12-22 19:45 48776 –a—— C:\WINDOWS\system32\s32evnt1.dll
    2006-12-22 19:45 115000 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2006-12-22 19:45 ——– d——– C:\Program Files\symantec
    2006-12-19 19:14 ——– d——– C:\Program Files\java
    2006-12-15 00:24 ——– d——– C:\Program Files\messenger plus! live
    2006-12-13 10:23 ——– d——– C:\Program Files\filezilla
    2006-12-13 09:46 ——– d——– C:\DOCUME~1\Admin\Application Data\adobe
    2006-12-11 12:08 ——– d——– C:\Program Files\Common Files\adobe
    2006-12-11 12:07 ——– d–h—– C:\Program Files\installshield installation information
    2006-12-11 11:59 210 –a—— C:\WINDOWS\system32\postinstall.cmd
    2006-12-11 11:59 128 –a—— C:\WINDOWS\system32\batch.cmd
    2006-12-06 17:09 ——– d——– C:\Program Files\elaborate bytes
    2006-12-05 17:05 ——– d——– C:\Program Files\windows media connect 2
    2006-11-29 08:47 73216 –a—— C:\WINDOWS\st6unst.exe
    2006-11-29 08:47 249856 ——— C:\WINDOWS\setup1.exe
    2006-11-29 08:47 ——– d——– C:\Program Files\easytorrent
    2006-11-18 19:59 3489238 –a—— C:\FileZilla_2_2_25_setup.exe
    2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 –a—— C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 –a—— C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 –a—— C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-11-06 11:35 531568 –a—— C:\WINDOWS\system32\rmactivate_isv.exe
    2006-11-06 11:35 523376 –a—— C:\WINDOWS\system32\rmactivate.exe
    2006-11-06 11:35 519280 –a—— C:\WINDOWS\system32\secproc_isv.dll
    2006-11-06 11:35 518768 –a—— C:\WINDOWS\system32\secproc.dll
    2006-11-06 11:35 358000 –a—— C:\WINDOWS\system32\rmactivate_ssp.exe
    2006-11-06 11:35 354416 –a—— C:\WINDOWS\system32\rmactivate_ssp_isv.exe
    2006-11-06 11:35 323696 –a—— C:\WINDOWS\system32\msdrm.dll
    2006-11-06 11:35 192624 –a—— C:\WINDOWS\system32\secproc_ssp_isv.dll
    2006-11-06 11:35 192624 –a—— C:\WINDOWS\system32\secproc_ssp.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-11-02 23:35 8271872 –a—— C:\WINDOWS\system32\wmploc.dll
    2006-11-02 22:53 99840 –a—— C:\WINDOWS\system32\wmpshell.dll
    2006-11-02 22:52 257536 –a—— C:\WINDOWS\system32\wmerror.dll
    2006-11-02 22:50 7680 –a—— C:\WINDOWS\system32\asferror.dll
    2006-11-02 11:52 42496 ——— C:\WINDOWS\system32\wpdshextres.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
    "Stop pure"="C:\\DOCUME~1\\Admin\\APPLIC~1\\LIESCI~1\\BURN MP3.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
    "Logitech Utility"="Logi_MwX.Exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /L*v C:\\WINDOWS\\TEMP\\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /L*v C:\\WINDOWS\\TEMP\\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Adobe Reader Snelle start.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Snelle start"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CloneCDTray"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
    "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoColorChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispCPL"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "NoDispSettingsPage"=dword:00000000
    "NoDispBackgroundPage"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSaveSettings"=dword:00000000
    "NoThemesTab"=dword:00000000
    "NoActiveDesktopChanges"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AA19E42B918A980F.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Admin.job

    Completion time: 07-01-25 9:07:58
  • Download this file: Deljob.exe
    Put it on your desktop.
    Double-click Deljob.exe.
    A log (logit.txt) will open; you can also find the file on your desktop.
    Post the contents of logit.txt in your next message.

    Please post an HJT log, not a ComboFix one.
  • As you asked, the contents of Logit.txt:

    ——————————————————–
    BACKUPS CREATED in C:\DELJOB

    AA19E42B918A980F.job
    ——————————————————–
    FILES IN TASKS FOLDER

    MP Scheduled Scan.job
    Norton AntiVirus - Volledige systeemscan uitvoeren - Admin.job
    ——————————————————–
    EXPORT APP DATA FOLDERS
    ——————————————————–
    De volumenaam van station C is Systeem
    Het volumenummer is E80C-EF7E

    Map van C:\Documents and Settings\Admin\Application Data

    13-12-2006 09:46 <DIR> Adobe
    15-01-2007 12:23 <DIR> AdobeUM
    04-11-2004 02:08 <DIR> Ahead
    31-10-2003 01:09 <DIR> ALADDI~1 Aladdin Systems
    19-03-2004 21:41 <DIR> AP
    13-03-2006 20:37 <DIR> APPLEC~1 Apple Computer
    01-04-2006 14:05 <DIR> Azureus
    23-08-2006 02:05 <DIR> CHESSB~1 ChessBase
    22-06-2005 21:05 <DIR> COMMON~1 Common Files
    09-11-2006 22:10 <DIR> DivX
    04-11-2006 19:01 <DIR> DOWNLO~1 Download Manager
    23-06-2003 22:14 19.944 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
    03-12-2003 08:59 <DIR> GLOBAL~1 GlobalSCAPE
    02-01-2007 14:46 <DIR> Google
    15-02-2003 02:54 <DIR> Help
    17-06-2005 13:06 <DIR> HP
    25-01-2005 01:27 <DIR> ICQ
    16-02-2006 14:28 <DIR> IDENTI~1 Identities
    02-11-2004 01:37 <DIR> Ipswitch
    10-02-2003 08:10 <DIR> Jasc
    12-08-2003 00:21 <DIR> KAZAAL~1 Kazaa Lite
    09-07-2006 21:05 <DIR> Lavasoft
    25-08-2004 23:14 <DIR> LEADER~1 Leadertech
    21-01-2007 16:42 <DIR> LIESCI~1 Lies City Does
    26-12-2003 14:18 <DIR> Lycos
    22-03-2005 09:26 <DIR> MACROM~1 Macromedia
    28-01-2003 11:23 <DIR> MICROS~2 Microsoft Web Folders
    31-08-2003 07:01 <DIR> NEROVI~1 NeroVision
    11-10-2006 20:25 <DIR> Real
    03-12-2003 00:13 <DIR> RHINOS~1.COM RhinoSoft.com
    31-12-2006 17:12 <DIR> Shareaza
    13-09-2003 17:06 <DIR> SmartFTP
    23-11-2003 17:29 <DIR> SSH
    15-03-2006 17:15 <DIR> Sun
    06-04-2006 10:14 <DIR> Symantec
    12-10-2005 18:12 <DIR> TEAMSP~1 teamspeak2
    01-09-2003 15:24 <DIR> Tenebril
    20-11-2005 20:21 <DIR> TRENDM~1 Trend Micro
    16-02-2006 14:28 <DIR> Zylom
    1 bestand(en) 19.944 bytes
    38 map(pen) 49.204.441.088 bytes beschikbaar
    De volumenaam van station C is Systeem
    Het volumenummer is E80C-EF7E

    Map van C:\Documents and Settings\All Users\Application Data

    13-12-2006 09:49 <DIR> Adobe
    13-03-2006 20:33 <DIR> APPLEC~1 Apple Computer
    30-11-2003 12:44 <DIR> CYBERL~1 CyberLink
    21-01-2007 16:36 <DIR> FILMPL~1 Filmplatformpartbias
    02-01-2007 16:18 <DIR> Google
    19-06-2005 09:10 2.192 HPZINS~1.LOG hpzinstall.log
    03-07-2005 10:37 <DIR> Ipswitch
    28-11-2005 10:00 <DIR> MESSEN~1 Messenger Plus!
    28-11-2006 08:32 <DIR> NVIDIA
    27-11-2006 09:41 <DIR> NVIEW_~1 nView_Profiles
    27-08-2006 09:27 1.359 QTSBAN~1 QTSBandwidthCache
    05-11-2003 02:47 <DIR> QUICKT~1 QuickTime
    17-02-2003 18:56 <DIR> Raxco
    06-03-2006 11:04 <DIR> SECTAS~1 SecTaskMan
    23-11-2005 17:24 <DIR> SPYBOT~1 Spybot - Search & Destroy
    06-04-2006 10:31 <DIR> Symantec
    28-07-2005 12:22 <DIR> WINDOW~1 Windows Genuine Advantage
    11-02-2006 23:10 <DIR> Zylom
    2 bestand(en) 3.551 bytes
    16 map(pen) 49.204.436.992 bytes beschikbaar
    ——————————————————–
  • May I see a HijackThis log from you, and tell me right away whether your problem has already improved.
  • I haven't had that problem since yesterday. Below is the HijackThis log...

    Logfile of HijackThis v1.99.1
    Scan saved at 9:23:13, on 27-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Admin\Bureaublad\antispy\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donvanvlietweb.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donvanvlietweb.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rott.chello.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Stop pure] C:\DOCUME~1\Admin\APPLIC~1\LIESCI~1\BURN MP3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: messenger.hotmail.com
    O15 - Trusted Zone: loginnet.passport.com
    O15 - Trusted Zone: memberservicesnet.passport.com
    O15 - Trusted Zone: login.passport.net
    O15 - Trusted Zone: memberservicesnet.passport.net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132684752187
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142360216609
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and uninstall the following program:
    Messenger Plus, if present.
    It may be reinstalled later without the sponsors.

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKCU\..\Run: [Stop pure] C:\DOCUME~1\Admin\APPLIC~1\LIESCI~1\BURN MP3.exe

    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following directories:
    C:\DOCUME~1\Admin\APPLIC~1\LIESCI~1\
    C:\Documents and Settings\All Users\Application Data\Filmplatformpartbias
    C:\Documents and Settings\Admin\Application Data\Lies City Does

    Download this file: (you have already done this, but please do it again for the steps below)
    Deljob.exe
    Put it on your desktop.
    Double-click Deljob.exe.
    A log (logit.txt) will open; you can also find the file on your desktop.
    Post the contents of logit.txt in your next message.

    The folder C:\deljob can now be removed as well.

    Also make a new HJT log.
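
An added example, not part of the thread and not code from ComboFix or HijackThis: it cross-references the HijackThis O4 (Run key) entries with the directories ComboFix listed as created since 2006-12-25, matching 8.3 short names such as `LIESCI~1` against long names by prefix. The function names and the prefix-matching rule are assumptions of this example; the sample lines are taken from the logs above with the attribute column dropped.

```python
import re
from datetime import date

# Sample input: lines from the ComboFix "Files Created" section and the
# HijackThis O4 section posted in this thread (attribute column dropped).
CREATED = r"""
2007-01-23 14:00 <DIR> C:\Program Files\Windows Defender
2007-01-21 16:36 <DIR> C:\Program Files\Lies City Does
2007-01-21 16:36 <DIR> C:\DOCUME~1\ALLUSE~1\Application Data\Filmplatformpartbias
2007-01-21 16:36 <DIR> C:\DOCUME~1\Admin\Application Data\Lies City Does
2006-12-31 17:12 <DIR> C:\Program Files\Shareaza
"""

O4 = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Stop pure] C:\DOCUME~1\Admin\APPLIC~1\LIESCI~1\BURN MP3.exe
"""

# An 8.3 alias for a directory: up to six characters, a tilde and a number.
ALIAS = re.compile(r"^([^~]{1,6})~\d+$")


def same_component(a, b):
    """Compare two path components, treating an 8.3 alias as a prefix match.

    Assumption: the alias keeps the first characters of the long name with
    spaces removed. The ~N suffix depends on name collisions on the volume,
    so a prefix match is the most that a log alone can establish.
    """
    a, b = a.upper(), b.upper()
    if a == b:
        return True
    for short, long_name in ((a, b), (b, a)):
        m = ALIAS.match(short)
        if m and long_name.replace(" ", "").startswith(m.group(1)):
            return True
    return False


def is_under(path, directory):
    """True if `path` lies below `directory`, comparing component by component."""
    p, d = path.split("\\"), directory.split("\\")
    return len(p) > len(d) and all(same_component(x, y) for x, y in zip(p, d))


def parse_created(text):
    """Return (creation date, directory path) for each <DIR> row."""
    rows = []
    pattern = r"^(\d{4})-(\d\d)-(\d\d) \d\d:\d\d <DIR> (.+)$"
    for m in re.finditer(pattern, text, re.M):
        y, mo, d, path = m.groups()
        rows.append((date(int(y), int(mo), int(d)), path.strip()))
    return rows


def parse_o4(text):
    """Return (hive, value name, executable path) for each O4 Run entry."""
    rows = []
    pattern = r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$"
    for m in re.finditer(pattern, text, re.M):
        hive, name, cmd = m.groups()
        # Quoted commands end at the closing quote; unquoted ones may contain
        # spaces, so cut after the first ".exe" instead of at whitespace.
        exe = re.match(r'"([^"]+)"|(.+?\.exe)', cmd, re.I)
        path = (exe.group(1) or exe.group(2)) if exe else cmd
        rows.append((hive, name, path))
    return rows


def correlate(created_text, o4_text, since):
    """List Run entries whose executable sits in a directory created on or
    after `since`, as (value name, executable, creation date, directory)."""
    created = [(d, p) for d, p in parse_created(created_text) if d >= since]
    hits = []
    for _hive, name, exe in parse_o4(o4_text):
        for day, directory in created:
            if is_under(exe, directory):
                hits.append((name, exe, day.isoformat(), directory))
    return hits


if __name__ == "__main__":
    # 2006-12-25 is the start of the window ComboFix reported on.
    for hit in correlate(CREATED, O4, date(2006, 12, 25)):
        print(hit)
```

Windows Defender is returned alongside "Stop pure" because its directory was created inside the same window, so the output is a list for review, not a verdict.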
  • Done. The only strange thing is that I installed Messenger Plus without the sponsors, because that's what I always do. The cat must have been at it again, hahaha.
    The logit text...

    ——————————————————–
    BACKUPS CREATED in C:\DELJOB

    AA19E42B918A980F.job
    ——————————————————–
    FILES IN TASKS FOLDER

    MP Scheduled Scan.job
    Norton AntiVirus - Volledige systeemscan uitvoeren - Admin.job
    ——————————————————–
    EXPORT APP DATA FOLDERS
    ——————————————————–
    De volumenaam van station C is Systeem
    Het volumenummer is E80C-EF7E

    Map van C:\Documents and Settings\Admin\Application Data

    13-12-2006 09:46 <DIR> Adobe
    15-01-2007 12:23 <DIR> AdobeUM
    04-11-2004 02:08 <DIR> Ahead
    31-10-2003 01:09 <DIR> ALADDI~1 Aladdin Systems
    19-03-2004 21:41 <DIR> AP
    13-03-2006 20:37 <DIR> APPLEC~1 Apple Computer
    01-04-2006 14:05 <DIR> Azureus
    23-08-2006 02:05 <DIR> CHESSB~1 ChessBase
    22-06-2005 21:05 <DIR> COMMON~1 Common Files
    09-11-2006 22:10 <DIR> DivX
    04-11-2006 19:01 <DIR> DOWNLO~1 Download Manager
    23-06-2003 22:14 19.944 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
    03-12-2003 08:59 <DIR> GLOBAL~1 GlobalSCAPE
    02-01-2007 14:46 <DIR> Google
    15-02-2003 02:54 <DIR> Help
    17-06-2005 13:06 <DIR> HP
    25-01-2005 01:27 <DIR> ICQ
    16-02-2006 14:28 <DIR> IDENTI~1 Identities
    02-11-2004 01:37 <DIR> Ipswitch
    10-02-2003 08:10 <DIR> Jasc
    12-08-2003 00:21 <DIR> KAZAAL~1 Kazaa Lite
    09-07-2006 21:05 <DIR> Lavasoft
    25-08-2004 23:14 <DIR> LEADER~1 Leadertech
    26-12-2003 14:18 <DIR> Lycos
    22-03-2005 09:26 <DIR> MACROM~1 Macromedia
    28-01-2003 11:23 <DIR> MICROS~2 Microsoft Web Folders
    31-08-2003 07:01 <DIR> NEROVI~1 NeroVision
    11-10-2006 20:25 <DIR> Real
    03-12-2003 00:13 <DIR> RHINOS~1.COM RhinoSoft.com
    31-12-2006 17:12 <DIR> Shareaza
    13-09-2003 17:06 <DIR> SmartFTP
    23-11-2003 17:29 <DIR> SSH
    15-03-2006 17:15 <DIR> Sun
    06-04-2006 10:14 <DIR> Symantec
    12-10-2005 18:12 <DIR> TEAMSP~1 teamspeak2
    01-09-2003 15:24 <DIR> Tenebril
    20-11-2005 20:21 <DIR> TRENDM~1 Trend Micro
    16-02-2006 14:28 <DIR> Zylom
    1 bestand(en) 19.944 bytes
    37 map(pen) 49.048.850.432 bytes beschikbaar
    De volumenaam van station C is Systeem
    Het volumenummer is E80C-EF7E

    Map van C:\Documents and Settings\All Users\Application Data

    13-12-2006 09:49 <DIR> Adobe
    13-03-2006 20:33 <DIR> APPLEC~1 Apple Computer
    30-11-2003 12:44 <DIR> CYBERL~1 CyberLink
    02-01-2007 16:18 <DIR> Google
    19-06-2005 09:10 2.192 HPZINS~1.LOG hpzinstall.log
    03-07-2005 10:37 <DIR> Ipswitch
    28-11-2006 08:32 <DIR> NVIDIA
    27-11-2006 09:41 <DIR> NVIEW_~1 nView_Profiles
    27-08-2006 09:27 1.359 QTSBAN~1 QTSBandwidthCache
    05-11-2003 02:47 <DIR> QUICKT~1 QuickTime
    17-02-2003 18:56 <DIR> Raxco
    06-03-2006 11:04 <DIR> SECTAS~1 SecTaskMan
    23-11-2005 17:24 <DIR> SPYBOT~1 Spybot - Search & Destroy
    06-04-2006 10:31 <DIR> Symantec
    28-07-2005 12:22 <DIR> WINDOW~1 Windows Genuine Advantage
    2 bestand(en) 3.551 bytes
    13 map(pen) 49.048.850.432 bytes beschikbaar
    ——————————————————–

    The HJT log...

    Logfile of HijackThis v1.99.1
    Scan saved at 19:55:08, on 27-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Admin\Bureaublad\antispy\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donvanvlietweb.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donvanvlietweb.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rott.chello.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninst.bat"
    O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: messenger.hotmail.com
    O15 - Trusted Zone: loginnet.passport.com
    O15 - Trusted Zone: memberservicesnet.passport.com
    O15 - Trusted Zone: login.passport.net
    O15 - Trusted Zone: memberservicesnet.passport.net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com\resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132684752187
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142360216609
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[/color:1dd34a1f4f]
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninst.bat"

    Click 'Fix checked' to remove the items.

    In principle you can remove all the tools that were used.
    If all went well, you are now rid of the infection.

    To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning System Restore off.


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick the box for "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go back to Start/All Programs/Accessories/System Tools/System Restore.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Untick the box for "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

    Here are a few more tips.



    Here are some tips.
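
A triage pass over entries like the ones in the log above, as an added example that is not part of the original thread: it parses HijackThis lines and flags registry autostarts that launch from a Temp directory and entries HijackThis marks "(file missing)". The two heuristics and the names `parse`, `triage` and `SAMPLE_LOG` are assumptions of this example; the result is a list for manual review, not a list of items to fix.

```python
import re

# Constructed sample: five entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninst.bat"
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: "HKLM\..\RunOnce: [ValueName] command line"
AUTORUN = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Assumed heuristic: a path component named Temp or Tmp anywhere in the command
TEMP_PATH = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse(log):
    """Yield one dict per HijackThis entry line; non-entry lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"]}
        if m["code"] == "O4":
            a = AUTORUN.match(m["body"])
            if a:
                entry.update(a.groupdict())
        yield entry


def triage(log):
    """Return (code, label, reasons) for entries that deserve a manual look."""
    findings = []
    for e in parse(log):
        reasons = []
        if e["body"].endswith("(file missing)"):
            reasons.append("target file missing")
        if "cmd" in e and TEMP_PATH.search(e["cmd"]):
            reasons.append(f"{e['key']} autostart launches from a Temp directory")
        if reasons:
            findings.append((e["code"], e.get("name", e["body"]), reasons))
    return findings


if __name__ == "__main__":
    for code, label, reasons in triage(SAMPLE_LOG):
        print(code, label, "->", "; ".join(reasons))
```
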
  • All sorted. Many thanks. :lol: :lol:

This is an archived page. Replies are no longer possible.