Combofix log!

10 replies
  • I ran ComboFix because I'm having quite a bit of trouble with casino pop-ups and the like. Can anyone make sense of this? [b:6dd87ef247]"Admin" - 07-01-25 9:01:40 Service Pack 2 ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Admin\Bureaublad" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\INSTALL.LOG C:\WINDOWS\hosts C:\WINDOWS\secure32.html ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 )))))))))))))))))))))))))))))))))) 2007-01-24 09:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2007-01-23 17:09 <DIR> dr-h----- C:\DOCUME~1\Admin\Onlangs geopend 2007-01-23 14:00 <DIR> d-------- C:\Program Files\Windows Defender 2007-01-21 16:36 <DIR> d-------- C:\Program Files\Lies City Does 2007-01-21 16:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Filmplatformpartbias 2007-01-21 16:36 <DIR> d-------- C:\DOCUME~1\Admin\Application Data\Lies City Does 2007-01-10 09:27 <DIR> d-------- C:\WINDOWS\ie7updates 2007-01-02 14:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google 2006-12-31 17:12 <DIR> d-------- C:\Program Files\Shareaza 2006-12-31 16:43 <DIR> d-------- C:\Program Files\eMule (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-25 08:05 -------- d-------- C:\Program Files\norton internet security 2007-01-25 08:05 -------- d-------- C:\Program Files\Common Files\symantec shared 2007-01-15 12:23 -------- d-------- C:\DOCUME~1\Admin\Application Data\adobeum 2007-01-10 09:45 -------- d-------- C:\Program Files\mirc 2007-01-02 16:18 -------- d-------- C:\Program Files\google 2007-01-02 14:46 -------- d-------- C:\DOCUME~1\Admin\Application Data\google 2006-12-31 17:12 -------- d-------- C:\DOCUME~1\Admin\Application Data\shareaza 2006-12-22 19:45 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll 2006-12-22 19:45 115000 --a------ 
C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2006-12-22 19:45 -------- d-------- C:\Program Files\symantec 2006-12-19 19:14 -------- d-------- C:\Program Files\java 2006-12-15 00:24 -------- d-------- C:\Program Files\messenger plus! live 2006-12-13 10:23 -------- d-------- C:\Program Files\filezilla 2006-12-13 09:46 -------- d-------- C:\DOCUME~1\Admin\Application Data\adobe 2006-12-11 12:08 -------- d-------- C:\Program Files\Common Files\adobe 2006-12-11 12:07 -------- d--h----- C:\Program Files\installshield installation information 2006-12-11 11:59 210 --a------ C:\WINDOWS\system32\postinstall.cmd 2006-12-11 11:59 128 --a------ C:\WINDOWS\system32\batch.cmd 2006-12-06 17:09 -------- d-------- C:\Program Files\elaborate bytes 2006-12-05 17:05 -------- d-------- C:\Program Files\windows media connect 2 2006-11-29 08:47 73216 --a------ C:\WINDOWS\st6unst.exe 2006-11-29 08:47 249856 --------- C:\WINDOWS\setup1.exe 2006-11-29 08:47 -------- d-------- C:\Program Files\easytorrent 2006-11-18 19:59 3489238 --a------ C:\FileZilla_2_2_25_setup.exe 2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 
152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\rmactivate_isv.exe 2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\rmactivate.exe 2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\secproc_isv.dll 2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\secproc.dll 2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\rmactivate_ssp.exe 2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\rmactivate_ssp_isv.exe 2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll 2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp_isv.dll 2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp.dll 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-11-02 23:35 8271872 --a------ C:\WINDOWS\system32\wmploc.dll 2006-11-02 22:53 99840 --a------ C:\WINDOWS\system32\wmpshell.dll 2006-11-02 22:52 257536 --a------ C:\WINDOWS\system32\wmerror.dll 2006-11-02 22:50 7680 --a------ C:\WINDOWS\system32\asferror.dll 2006-11-02 11:52 42496 --------- C:\WINDOWS\system32\wpdshextres.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" "Stop pure"="C:\\DOCUME~1\\Admin\\APPLIC~1\\LIESCI~1\\BURN MP3.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE" "Logitech Utility"="Logi_MwX.Exe" 
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /L*v C:\\WINDOWS\\TEMP\\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] "SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /L*v C:\\WINDOWS\\TEMP\\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Adobe Reader Snelle start.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Snelle start" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CloneCDTray" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook" "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard" "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoColorChoice"=dword:00000000 "NoSizeChoice"=dword:00000000 "NoDispScrSavPage"=dword:00000000 "NoDispCPL"=dword:00000000 "NoVisualStyleChoice"=dword:00000000 "NoDispSettingsPage"=dword:00000000 "NoDispBackgroundPage"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSaveSettings"=dword:00000000 "NoThemesTab"=dword:00000000 "NoActiveDesktopChanges"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ 
Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 Usnsvc REG_MULTI_SZ usnsvc\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AA19E42B918A980F.job C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Admin.job Completion time: 07-01-25 9:07:58[/b:6dd87ef247]
  • Download this file: Deljob.exe (http://members.lycos.nl/deljob/). Place it on your desktop. Double-click Deljob.exe. A log (logit.txt) will open; you can also find the file on your desktop. Post the contents of logit.txt in your next message. Please post an HJT log, not a ComboFix one.
  • As you asked, the contents of Logit.txt -------------------------------------------------------- BACKUPS CREATED in C:\DELJOB AA19E42B918A980F.job -------------------------------------------------------- FILES IN TASKS FOLDER MP Scheduled Scan.job Norton AntiVirus - Volledige systeemscan uitvoeren - Admin.job -------------------------------------------------------- EXPORT APP DATA FOLDERS -------------------------------------------------------- De volumenaam van station C is Systeem Het volumenummer is E80C-EF7E Map van C:\Documents and Settings\Admin\Application Data 13-12-2006 09:46 <DIR> Adobe 15-01-2007 12:23 <DIR> AdobeUM 04-11-2004 02:08 <DIR> Ahead 31-10-2003 01:09 <DIR> ALADDI~1 Aladdin Systems 19-03-2004 21:41 <DIR> AP 13-03-2006 20:37 <DIR> APPLEC~1 Apple Computer 01-04-2006 14:05 <DIR> Azureus 23-08-2006 02:05 <DIR> CHESSB~1 ChessBase 22-06-2005 21:05 <DIR> COMMON~1 Common Files 09-11-2006 22:10 <DIR> DivX 04-11-2006 19:01 <DIR> DOWNLO~1 Download Manager 23-06-2003 22:14 19.944 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT 03-12-2003 08:59 <DIR> GLOBAL~1 GlobalSCAPE 02-01-2007 14:46 <DIR> Google 15-02-2003 02:54 <DIR> Help 17-06-2005 13:06 <DIR> HP 25-01-2005 01:27 <DIR> ICQ 16-02-2006 14:28 <DIR> IDENTI~1 Identities 02-11-2004 01:37 <DIR> Ipswitch 10-02-2003 08:10 <DIR> Jasc 12-08-2003 00:21 <DIR> KAZAAL~1 Kazaa Lite 09-07-2006 21:05 <DIR> Lavasoft 25-08-2004 23:14 <DIR> LEADER~1 Leadertech 21-01-2007 16:42 <DIR> LIESCI~1 Lies City Does 26-12-2003 14:18 <DIR> Lycos 22-03-2005 09:26 <DIR> MACROM~1 Macromedia 28-01-2003 11:23 <DIR> MICROS~2 Microsoft Web Folders 31-08-2003 07:01 <DIR> NEROVI~1 NeroVision 11-10-2006 20:25 <DIR> Real 03-12-2003 00:13 <DIR> RHINOS~1.COM RhinoSoft.com 31-12-2006 17:12 <DIR> Shareaza 13-09-2003 17:06 <DIR> SmartFTP 23-11-2003 17:29 <DIR> SSH 15-03-2006 17:15 <DIR> Sun 06-04-2006 10:14 <DIR> Symantec 12-10-2005 18:12 <DIR> TEAMSP~1 teamspeak2 01-09-2003 15:24 <DIR> Tenebril 20-11-2005 20:21 <DIR> TRENDM~1 
Trend Micro 16-02-2006 14:28 <DIR> Zylom 1 bestand(en) 19.944 bytes 38 map(pen) 49.204.441.088 bytes beschikbaar De volumenaam van station C is Systeem Het volumenummer is E80C-EF7E Map van C:\Documents and Settings\All Users\Application Data 13-12-2006 09:49 <DIR> Adobe 13-03-2006 20:33 <DIR> APPLEC~1 Apple Computer 30-11-2003 12:44 <DIR> CYBERL~1 CyberLink 21-01-2007 16:36 <DIR> FILMPL~1 Filmplatformpartbias 02-01-2007 16:18 <DIR> Google 19-06-2005 09:10 2.192 HPZINS~1.LOG hpzinstall.log 03-07-2005 10:37 <DIR> Ipswitch 28-11-2005 10:00 <DIR> MESSEN~1 Messenger Plus! 28-11-2006 08:32 <DIR> NVIDIA 27-11-2006 09:41 <DIR> NVIEW_~1 nView_Profiles 27-08-2006 09:27 1.359 QTSBAN~1 QTSBandwidthCache 05-11-2003 02:47 <DIR> QUICKT~1 QuickTime 17-02-2003 18:56 <DIR> Raxco 06-03-2006 11:04 <DIR> SECTAS~1 SecTaskMan 23-11-2005 17:24 <DIR> SPYBOT~1 Spybot - Search & Destroy 06-04-2006 10:31 <DIR> Symantec 28-07-2005 12:22 <DIR> WINDOW~1 Windows Genuine Advantage 11-02-2006 23:10 <DIR> Zylom 2 bestand(en) 3.551 bytes 16 map(pen) 49.204.436.992 bytes beschikbaar --------------------------------------------------------
  • May I see a HijackThis log from you, and tell me right away whether your problem has already improved.
  • I haven't had that problem since yesterday. Below is the hijack log: [color=blue:f061ed2362]Logfile of HijackThis v1.99.1 Scan saved at 9:23:13, on 27-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Admin\Bureaublad\antispy\hijackthis\HijackThis.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donvanvlietweb.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donvanvlietweb.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rott.chello.nl:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - 
HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Stop pure] C:\DOCUME~1\Admin\APPLIC~1\LIESCI~1\BURN MP3.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: messenger.hotmail.com O15 - Trusted Zone: loginnet.passport.com O15 - Trusted Zone: memberservicesnet.passport.com O15 - Trusted Zone: login.passport.net O15 - Trusted Zone: 
memberservicesnet.passport.net O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132684752187 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142360216609 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - 
Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[/color:f061ed2362]
  • Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following program, if present: Messenger Plus. It may be reinstalled later without sponsors.
    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      O4 - HKCU\..\Run: [Stop pure] C:\DOCUME~1\Admin\APPLIC~1\LIESCI~1\BURN MP3.exe
    Click 'Fix checked' to remove the items.
    Open Explorer ("My Computer") and choose Tools -> Folder Options... Under View, check the following settings:
      Turn off: Hide protected operating system files (Recommended)
      Turn off: Hide extensions for known file types
      Select: Display the contents of system folders (XP only)
      Select: Show hidden files and folders
    Delete the following directories:
      C:\DOCUME~1\Admin\APPLIC~1\LIESCI~1\
      C:\Documents and Settings\All Users\Application Data\Filmplatformpartbias
      C:\Documents and Settings\Admin\Application Data\Lies City Does
    Download this file (you have already done this, but please do it again for the steps below): Deljob.exe (http://members.lycos.nl/deljob/). Place it on your desktop. Double-click Deljob.exe. A log (logit.txt) will open; you can also find the file on your desktop. Post the contents of logit.txt in your next message.
    The C:\deljob folder can now be removed as well. Also make a new HJT log.
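The reply above singles out one autostart entry from the HijackThis log. The following added example (not part of the thread, and not HijackThis's or the helper's own method) parses the O4 registry autoruns and flags those whose target lives under a user profile's Application Data folder; that heuristic, the function names and the regexes are assumptions chosen because they match the entry selected above.

```python
import re

# Constructed sample: O4 (autostart) lines taken from the HijackThis log posted
# earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Stop pure] C:\DOCUME~1\Admin\APPLIC~1\LIESCI~1\BURN MP3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Registry autoruns look like:  O4 - HKCU\..\Run: [value name] command line
# ("Global Startup" shortcut lines have a different shape and are skipped here.)
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$', re.M)

# Shortest prefix ending in an executable-style extension; unquoted paths may
# contain spaces, so splitting on whitespace would be wrong.
IMAGE = re.compile(r'^(.*?\.(?:exe|dll|bat|cmd|com|scr|pif))(?=[\s,"]|$)', re.I)

# Assumed heuristic: target sits under <profile>\Application Data, written
# either in long form or as 8.3 short names (DOCUME~1\...\APPLIC~1).
PROFILE_APPDATA = re.compile(
    r'\\(?:documents and settings|docume~\d)\\[^\\]+\\(?:application data|applic~\d)\\',
    re.I)


def target_of(command):
    """Return the file an autorun command actually loads."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                      # unterminated quote: take the rest
            end = len(cmd)
        image, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        m = IMAGE.match(cmd)
        if not m:
            return cmd
        image, rest = m.group(1), cmd[m.end():].strip()
    # For rundll32 the interesting file is the DLL argument, not rundll32 itself.
    if image.lower().rsplit('\\', 1)[-1] == 'rundll32.exe' and rest:
        return rest.split(',', 1)[0].strip('" ')
    return image


def flag_profile_autoruns(log_text):
    """List (hive, key, value name, target) for autoruns started from Application Data."""
    hits = []
    for hive, key, name, command in O4_REG.findall(log_text):
        target = target_of(command)
        if PROFILE_APPDATA.search(target):
            hits.append((hive, key, name, target))
    return hits


if __name__ == "__main__":
    for hive, key, name, target in flag_profile_autoruns(SAMPLE_LOG):
        print(f"review: {hive}\\{key} [{name}] -> {target}")
```

A hit is only a prompt to look closer: legitimate software can also start from a profile folder, so each flagged entry still needs a human decision before it is fixed.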
  • Done. The strange thing is that I installed Messenger Plus without sponsors, because that's what I always do. The cat must have been at it again, hahaha. The logit text: [color=blue:1dd34a1f4f]-------------------------------------------------------- BACKUPS CREATED in C:\DELJOB AA19E42B918A980F.job -------------------------------------------------------- FILES IN TASKS FOLDER MP Scheduled Scan.job Norton AntiVirus - Volledige systeemscan uitvoeren - Admin.job -------------------------------------------------------- EXPORT APP DATA FOLDERS -------------------------------------------------------- De volumenaam van station C is Systeem Het volumenummer is E80C-EF7E Map van C:\Documents and Settings\Admin\Application Data 13-12-2006 09:46 <DIR> Adobe 15-01-2007 12:23 <DIR> AdobeUM 04-11-2004 02:08 <DIR> Ahead 31-10-2003 01:09 <DIR> ALADDI~1 Aladdin Systems 19-03-2004 21:41 <DIR> AP 13-03-2006 20:37 <DIR> APPLEC~1 Apple Computer 01-04-2006 14:05 <DIR> Azureus 23-08-2006 02:05 <DIR> CHESSB~1 ChessBase 22-06-2005 21:05 <DIR> COMMON~1 Common Files 09-11-2006 22:10 <DIR> DivX 04-11-2006 19:01 <DIR> DOWNLO~1 Download Manager 23-06-2003 22:14 19.944 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT 03-12-2003 08:59 <DIR> GLOBAL~1 GlobalSCAPE 02-01-2007 14:46 <DIR> Google 15-02-2003 02:54 <DIR> Help 17-06-2005 13:06 <DIR> HP 25-01-2005 01:27 <DIR> ICQ 16-02-2006 14:28 <DIR> IDENTI~1 Identities 02-11-2004 01:37 <DIR> Ipswitch 10-02-2003 08:10 <DIR> Jasc 12-08-2003 00:21 <DIR> KAZAAL~1 Kazaa Lite 09-07-2006 21:05 <DIR> Lavasoft 25-08-2004 23:14 <DIR> LEADER~1 Leadertech 26-12-2003 14:18 <DIR> Lycos 22-03-2005 09:26 <DIR> MACROM~1 Macromedia 28-01-2003 11:23 <DIR> MICROS~2 Microsoft Web Folders 31-08-2003 07:01 <DIR> NEROVI~1 NeroVision 11-10-2006 20:25 <DIR> Real 03-12-2003 00:13 <DIR> RHINOS~1.COM RhinoSoft.com 31-12-2006 17:12 <DIR> Shareaza 13-09-2003 17:06 <DIR> SmartFTP 23-11-2003 17:29 <DIR> SSH 15-03-2006 17:15 <DIR> Sun 06-04-2006 10:14 <DIR> Symantec 
12-10-2005 18:12 <DIR> TEAMSP~1 teamspeak2 01-09-2003 15:24 <DIR> Tenebril 20-11-2005 20:21 <DIR> TRENDM~1 Trend Micro 16-02-2006 14:28 <DIR> Zylom 1 bestand(en) 19.944 bytes 37 map(pen) 49.048.850.432 bytes beschikbaar De volumenaam van station C is Systeem Het volumenummer is E80C-EF7E Map van C:\Documents and Settings\All Users\Application Data 13-12-2006 09:49 <DIR> Adobe 13-03-2006 20:33 <DIR> APPLEC~1 Apple Computer 30-11-2003 12:44 <DIR> CYBERL~1 CyberLink 02-01-2007 16:18 <DIR> Google 19-06-2005 09:10 2.192 HPZINS~1.LOG hpzinstall.log 03-07-2005 10:37 <DIR> Ipswitch 28-11-2006 08:32 <DIR> NVIDIA 27-11-2006 09:41 <DIR> NVIEW_~1 nView_Profiles 27-08-2006 09:27 1.359 QTSBAN~1 QTSBandwidthCache 05-11-2003 02:47 <DIR> QUICKT~1 QuickTime 17-02-2003 18:56 <DIR> Raxco 06-03-2006 11:04 <DIR> SECTAS~1 SecTaskMan 23-11-2005 17:24 <DIR> SPYBOT~1 Spybot - Search & Destroy 06-04-2006 10:31 <DIR> Symantec 28-07-2005 12:22 <DIR> WINDOW~1 Windows Genuine Advantage 2 bestand(en) 3.551 bytes 13 map(pen) 49.048.850.432 bytes beschikbaar -------------------------------------------------------- [/color:1dd34a1f4f] The HJT log:
[color=blue:1dd34a1f4f]Logfile of HijackThis v1.99.1 Scan saved at 19:55:08, on 27-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Admin\Bureaublad\antispy\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = about: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donvanvlietweb.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donvanvlietweb.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rott.chello.nl:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroFilterCheck] 
C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninst.bat" O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: messenger.hotmail.com O15 - Trusted Zone: loginnet.passport.com O15 - Trusted Zone: 
memberservicesnet.passport.com O15 - Trusted Zone: login.passport.net O15 - Trusted Zone: memberservicesnet.passport.net O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132684752187 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142360216609 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec 
Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX 
Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[/color:1dd34a1f4f]
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninst.bat"

Click 'Fix checked' to remove the items. You can in principle remove all the tools you used. If all went well, you are rid of the infection. To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning System Restore off.
- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Check "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go to Start/All Programs/Accessories/System Tools/System Restore again.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Uncheck "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.
Here are some more tips: http://www.jawwi.nl/tips/beveiligen.html
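An added example, not part of the original posts and not HijackThis's own code: a small triage script for a flattened HijackThis log like the one in this thread, which splits the run-together entries on their section codes and lists autostart (O4) entries that run from a Temp directory and entries the tool marked "(file missing)". The function names and the two heuristics are assumptions made for illustration; the sample entries are copied from the log above.

```python
import re

# Constructed sample: five entries copied from the log in this thread, run
# together on one line the way the forum rendering flattened them.
SAMPLE = (
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" '
    r'O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C '
    r'"C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninst.bat" '
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe '
    r'O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - '
    r'%windir%\Network Diagnostic\xpnetdiag.exe (file missing) '
    r'O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - '
    r'C:\WINDOWS\system32\nvsvc32.exe'
)

# Each entry opens with a section code (R0, R1, O2, O4, O23, ...) followed by
# " - "; in flattened text that is the only usable delimiter.
ENTRY_START = re.compile(r'(?:^|(?<=\s))([RFNO]\d{1,2}) - ')
TEMP_DIR = re.compile(r'\\temp\\', re.IGNORECASE)
O4_NAME = re.compile(r'\[([^\]]+)\]')

def split_entries(text):
    """Return (section_code, body) pairs from flattened HijackThis output."""
    starts = [m.start() for m in ENTRY_START.finditer(text)] + [len(text)]
    entries = []
    for begin, end in zip(starts, starts[1:]):
        code, _, body = text[begin:end].strip().partition(' - ')
        entries.append((code, body))
    return entries

def triage(text):
    """List entries worth a manual look; a hit is a prompt, not a verdict."""
    findings = []
    for code, body in split_entries(text):
        reasons = []
        if code == 'O4' and TEMP_DIR.search(body):
            reasons.append('autostart command references a Temp directory')
        if body.endswith('(file missing)'):
            reasons.append('target file missing')
        if reasons:
            name = O4_NAME.search(body) if code == 'O4' else None
            findings.append((code, name.group(1) if name else None, reasons))
    return findings

if __name__ == '__main__':
    for code, name, reasons in triage(SAMPLE):
        print(code, name or '-', '; '.join(reasons))
```

On the sample, the O4 hit is the same RunOnce entry the answer above selects for 'Fix checked'.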
  • All sorted. Many thanks. :lol: :lol:
  • [quote="juisterr"]Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Admin\LOCALS~1\Temp\MsgPlusUninst.bat"

Click 'Fix checked' to remove the items. You can in principle remove all the tools you used. If all went well, you are rid of the infection. To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning System Restore off.
- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Check "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go to Start/All Programs/Accessories/System Tools/System Restore again.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Uncheck "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.
Here are some more tips: http://www.jawwi.nl/tips/beveiligen.html


This is an archived page. Replying is no longer possible.