Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

vreemde pop-ups

None
16 antwoorden
  • Hallo,

    Ik krijg de laatste tijd steeds vreemde pop-ups (met XXX materiaal). Ik heb Adaware en Spybot al laten lopen, dat levert niets op. Als ik een HijackThis wil doen, kan ik niet een logje saven. Het verdwijnt meteen weer. Hoe kan dat?
    Heb WinXP Pro met alle updates etc. Wie kan mij helpen?
    Bij voorbaat dank,

    sjouke
  • Download reglooks.exe
    Plaats het op je bureaublad.
    Dubbelklik op reglooks.exe, doe verder niets en wacht tot er een logfile opent. Post de inhoud van deze logfile.
  • Hallo,

    Bedankt voor de hulp. Ik heb dit programmaatje laten lopen en hieronder volgt de lofile. Ik had ondertussen SpySweeper ook laten scannen en die vond enige spyware. Daardoor kan ik ook ineens weer een HijackThis log saven. Die volgt daaronder.
    Ik kan eerst donderdag weer "repareren". Bij voorbaat dank voor het nakijken. De pop-up verschijnt nog steeds.

    Sjouke



    REGLOOKS logfile

    version 0.960
    10.04.2007 20:53:49.93
    running from: "C:\Documents and Settings\Sjouke Hoving\Desktop"

    — SSODL regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    only standard or legit regkeys found


    — STS regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    only standard or legit regkeys found


    — USERINIT regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


    — SHELL regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Shell"="Explorer.exe"


    — SYSTEM regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "System"=""


    — APPINIT_DLLS regkey —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "AppInit_DLLs"=""


    — NOTIFY regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    "jkkjhee" "DllName"="jkkjhee.dll"
    "mlljg" "DllName"="C:\\WINDOWS\\system32\\mlljg.dll"
    "WRNotifier" "DllName"="WRLogonNTF.dll"


    — RUN / LOAD regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "load"=""


    — BOOTEXECUTE regkey —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute= autocheck autochk *\0\0


    — SHELLEXECUTEHOOKS regkey —

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{7F5FFCB8-4838-43CD-80EA-A7EC9C744281}"=""


    — AUTORUN regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
    "AutoRun"=""


    — HKLM\Run regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="\"nwiz.exe\" /installquiet"
    "NVHotkey"="\"rundll32.exe\" nvHotkey.dll,Start"
    "SigmatelSysTrayApp"="stsystra.exe"
    "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
    "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
    "SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
    "Dell QuickSet"="\"C:\\Program Files\\Dell\\QuickSet\\quickset.exe\""
    "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
    [Run\OptionalComponents]
    [Run\OptionalComponents\IMAIL]
    "Installed"="1"
    [Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"
    [Run\OptionalComponents\MSFS]
    "Installed"="1"


    — HKLM\RunOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKLM RunOnce keys found


    — HKLM\RunOnceEx regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    no HKLM RunOnceEx keys found


    — HKLM\RunServices regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    no HKLM RunServices keys found


    — HKLM\RunServicesOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKCU\Run regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""


    — HKCU\RunOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKCU RunOnce keys found


    — HKCU\RunOnceEx regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    no HKCU RunOnceEx keys found


    — HKCU\RunServices regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    no HKCU RunServices keys found


    — HKCU\RunServicesOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKU\.DEFAULT\Run regkeys —

    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


    — HKU\S-1-5-18\Run regkeys —

    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


    — HKU\S-1-5-19\Run regkeys —

    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


    — HKU\S-1-5-20\Run regkeys —

    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"


    — HKLM\Explorer\Run regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — HKCU\Explorer\Run regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — Image File Execution regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    no debuggers found


    — BROWSER HELPER OBJECTS regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR)
    "{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll"
    "{6785976E-2714-4920-9E89-FEC988C606F4}" FILE ="C:\\WINDOWS\\system32\\mlljg.dll"
    "{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}" FILE ="C:\\WINDOWS\\system32\\cibqsecx.dll"
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"
    "{7F5FFCB8-4838-43CD-80EA-A7EC9C744281}" FILE ="C:\\WINDOWS\\system32\\jkkjhee.dll"
    "{9ECB9560-04F9-4bbc-943D-298DDF1699E1}" FILE ="C:\\Program Files\\Common Files\\Symantec Shared\\AdBlocking\\NISShExt.dll"
    "{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}" FILE ="C:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NavShExt.dll"


    — TOOLBAR regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    "{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}" FILE ="C:\\Program Files\\Common Files\\Symantec Shared\\AdBlocking\\NISShExt.dll"
    "{C4069E3A-68F1-403E-B40E-20066696354B}" FILE ="C:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NavShExt.dll"


    — URLSEARCHHOOKS regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
    only standard regkeys found


    — SRCEENSAVER regkey —

    HKEY_CURRENT_USER\Control Panel\Desktop
    "SCRNSAVE.EXE"="C:\\WINDOWS\\System32\\TELETE~1.SCR"


    — CONTEXTMENUHANDLERS regkeys —

    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
    "Cover Designer" CLSID ={73FCA462-9BD5-4065-A73F-A8E5F6904EF7} FILE ="C:\\Program Files\\Nero\\Nero 7\\Nero CoverDesigner\\CoverEdExtension.dll"
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
    "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "Symantec.Norton.Antivirus.IEContextMenu" CLSID ={FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} FILE ="C:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NavShExt.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
    "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
    "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
    "SpySweeper" CLSID ={7C9D5882-CB4A-4090-96C8-430BFE8B795B} FILE ="C:\\PROGRA~1\\Webroot\\SPYSWE~1\\SSCtxMnu.dll"
    "Symantec.Norton.Antivirus.IEContextMenu" CLSID ={FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} FILE ="C:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NavShExt.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"


    — ALTERNATESHELL regkey —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    "AlternateShell"="cmd.exe"


    — SAFEBOOT MINIMAL SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
    no unknown services found


    — SAFEBOOT NETWORK SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
    no unknown services found


    — SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeActiveFileMonitor5.0
    "DisplayName"="Adobe Active File Monitor V5"
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP
    "DisplayName"="AEGIS Protocol (IEEE 802.1x) v3.6.0.0"
    system32\DRIVERS\AegisP.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AnyDVD
    "DisplayName"="AnyDVD"
    System32\Drivers\AnyDVD.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APPDRV
    "DisplayName"="APPDRV"
    \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Automatisches LiveUpdate - Scheduler
    "DisplayName"="Automatisches LiveUpdate - Scheduler"
    "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BANTExt
    "DisplayName"="Belarc SMBios Access"
    \SystemRoot\System32\Drivers\BANTExt.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bcm4sbxp
    "DisplayName"="Broadcom 440x 10/100 Integrated Controller XP Driver"
    system32\DRIVERS\bcm4sbxp.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btaudio
    "DisplayName"="Bluetooth-Audiogerät"
    system32\drivers\btaudio.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTDriver
    "DisplayName"="Virtueller Bluetooth-Kommunikationstreiber"
    system32\DRIVERS\btport.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTKRNL
    "DisplayName"="Bluetooth-Bus-Enumerator"
    system32\DRIVERS\btkrnl.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTSERIAL
    "DisplayName"="Bluetooth Serial Driver"
    \??\C:\WINDOWS\system32\drivers\btserial.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwdins
    "DisplayName"="Bluetooth Service"
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTWDNDIS
    "DisplayName"="Bluetooth-LAN-Zugangsserver"
    system32\DRIVERS\btwdndis.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwhid
    system32\DRIVERS\btwhid.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwmodem
    "DisplayName"="Bluetooth-Modem"
    system32\DRIVERS\btwmodem.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTWUSB
    "DisplayName"="WIDCOMM USB Bluetooth Driver"
    System32\Drivers\btwusb.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgr
    "DisplayName"="Symantec Event Manager"
    "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccISPwdSvc
    "DisplayName"="Symantec Internet Security Password Validation"
    "C:\Program Files\Norton Internet Security\ccPwdSvc.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccProxy
    "DisplayName"="Symantec Network Proxy"
    "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSetMgr
    "DisplayName"="Symantec Settings Manager"
    "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\comHost
    "DisplayName"="COM Host"
    "C:\Program Files\Norton Internet Security\comHost.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eeCtrl
    "DisplayName"="Symantec Eraser Control driver"
    \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ElbyCDFL
    "DisplayName"="ElbyCDFL"
    System32\Drivers\ElbyCDFL.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ElbyCDIO
    "DisplayName"="ElbyCDIO Driver"
    System32\Drivers\ElbyCDIO.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ElbyDelay
    "DisplayName"="ElbyDelay"
    System32\Drivers\ElbyDelay.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EraserUtilRebootDrv
    "DisplayName"="EraserUtilRebootDrv"
    \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng
    "DisplayName"="Intel(R) PROSet/Wireless Event Log"
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gusvc
    "DisplayName"="Google Updater Service"
    "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus
    "DisplayName"="Microsoft UAA Bus Driver for High Definition Audio"
    system32\DRIVERS\HDAudBus.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb
    "DisplayName"="Microsoft HID Class Driver"
    system32\DRIVERS\hidusb.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPZid412
    "DisplayName"="IEEE-1284.4 Driver HPZid412"
    system32\DRIVERS\HPZid412.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPZipr12
    "DisplayName"="Print Class Driver for IEEE-1284.4 HPZipr12"
    system32\DRIVERS\HPZipr12.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPZius12
    "DisplayName"="USB to IEEE-1284.4 Translation Driver HPZius12"
    system32\DRIVERS\HPZius12.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HSFHWAZL
    system32\DRIVERS\HSFHWAZL.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HSF_DPV
    system32\DRIVERS\HSF_DPV.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm
    "DisplayName"="Intel Processor Driver"
    System32\DRIVERS\intelppm.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid
    "DisplayName"="Keyboard HID Driver"
    system32\DRIVERS\kbdhid.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdate
    "DisplayName"="LiveUpdate"
    "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
    "DisplayName"="Mouse HID Driver"
    System32\DRIVERS\mouhid.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    avapsvc
    "DisplayName"="Norton AntiVirus Auto-Protect-Dienst"
    "C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVENG
    "DisplayName"="NAVENG"
    \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070410.022\NAVENG.Sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVEX15
    "DisplayName"="NAVEX15"
    \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070410.022\NavEx15.Sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NBService
    "DisplayName"="NBService"
    C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETw3x32
    "DisplayName"="Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit"
    system32\DRIVERS\NETw3x32.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NMIndexingService
    "DisplayName"="NMIndexingService"
    "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSCService
    "DisplayName"="Norton Protection Center Service"
    "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12
    "DisplayName"="Pml Driver HPZ12"
    C:\WINDOWS\system32\HPZipm12.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PxHelp20
    "DisplayName"="PxHelp20"
    System32\Drivers\PxHelp20.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc
    "DisplayName"="Intel(R) PROSet/Wireless Registry Service"
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
    "DisplayName"="Remote Registry"
    %SystemRoot%\system32\svchost.exe -k LocalService

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor
    "DisplayName"="Intel(R) PROSet/Wireless Service"
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans
    "DisplayName"="WLAN-Transport"
    system32\DRIVERS\s24trans.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRT
    "DisplayName"="SAVRT"
    \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRTPEL
    "DisplayName"="SAVRTPEL"
    \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVScan
    "DisplayName"="Symantec AVScan"
    "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScsiPort
    %SystemRoot%\system32\drivers\scsiport.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdbus
    System32\DRIVERS\sdbus.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNDSrvc
    "DisplayName"="Symantec Network Drivers Service"
    "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv
    "DisplayName"="SPBBCDrv"
    \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCSvc
    "DisplayName"="Symantec SPBBCSvc"
    "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSFS0509
    "DisplayName"="Spy Sweeper File System Filer Driver: 0509"
    SYSTEM32\Drivers\SSFS0509.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHRMD
    "DisplayName"="Spy Sweeper Hookrack MiniDriver"
    SYSTEM32\Drivers\SSHRMD.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSIDRV
    "DisplayName"="Spy Sweeper Interdiction Driver"
    SYSTEM32\Drivers\SSIDRV.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSKBFD
    "DisplayName"="Webroot Spy Sweeper Keylogger Shield Keyboard Filter"
    System32\Drivers\sskbfd.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STHDA
    "DisplayName"="SigmaTel High Definition Audio CODEC"
    system32\drivers\sthda.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec Core LC
    "DisplayName"="Symantec Core LC"
    "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMDNS
    \SystemRoot\System32\Drivers\SYMDNS.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent
    \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMFW
    \SystemRoot\System32\Drivers\SYMFW.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMIDS
    \SystemRoot\System32\Drivers\SYMIDS.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMIDSCO
    \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070405.003\symidsco.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symlcbrd
    "DisplayName"="symlcbrd"
    \??\C:\WINDOWS\system32\drivers\symlcbrd.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMNDIS
    \SystemRoot\System32\Drivers\SYMNDIS.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMREDRV
    \SystemRoot\System32\Drivers\SYMREDRV.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI
    "DisplayName"="SYMTDI"
    \SystemRoot\System32\Drivers\SYMTDI.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SynPS2Enable
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp
    "DisplayName"="Microsoft USB Generic Parent Driver"
    system32\DRIVERS\usbccgp.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint
    "DisplayName"="Microsoft USB PRINTER Class"
    system32\DRIVERS\usbprint.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan
    "DisplayName"="USB Scanner Driver"
    system32\DRIVERS\usbscan.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebrootSpySweeperService
    "DisplayName"="Webroot Spy Sweeper Engine"
    "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winachsf
    system32\DRIVERS\HSF_CNXT.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WLANKEEPER
    "DisplayName"="Intel(R) PROSet/Wireless SSO Service"
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
    "DisplayName"="Windows Management Instrumentation Driver Extensions"
    %SystemRoot%\System32\svchost.exe -k netsvcs

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiAcpi
    "DisplayName"="Microsoft Windows Management Interface for ACPI"
    System32\DRIVERS\wmiacpi.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpdUsb
    "DisplayName"="WpdUsb"
    system32\DRIVERS\wpdusb.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{264F368C-E941-46CA-A814-6159726E5C68}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{7FAA19EF-5B8C-4E00-936D-8690A32506FA}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{900A5B8E-9C07-417F-88DD-92639F0FDE8D}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{B920C862-0615-427F-BB7E-C800F8D3925F}
    no imagepath value found


    — SECURITYPROVIDERS regkey —

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    — SVCHOST regkey —

    HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
    LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService: DnsCache\0\0
    netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0xmlprov\0wscsvc\0WmdmPmSN\0\0
    rpcss: RpcSs\0\0
    imgsvc: StiSvc\0\0
    termsvcs: TermService\0\0
    HTTPFilter: HTTPFilter\0\0
    DcomLaunch: DcomLaunch\0TermService\0\0
    WudfServiceGroup: WUDFSvc\0\0


    — WOW-CMDLINE regkeys —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
    "cmdline" = %SystemRoot%\system32
    tvdm.exe
    "wowcmdline" = %SystemRoot%\system32
    tvdm.exe -a %SystemRoot%\system32\krnl386


    — STARTUP FOLDERS —

    C:\Documents and Settings\Sjouke Hoving\Start Menu\Programs\Startup\desktop.ini
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini


    — TASK SCHEDULER JOBS —

    C:\WINDOWS\tasks\Norton AntiVirus - Vollst„ndige Systemprfung ausfhren - Sjouke Hoving.job


    — File associations —

    .BAT files: ("%1" %*)
    .COM files: ("%1" %*)
    .EXE files: ("%1" %*)
    .HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
    .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
    .PIF files: ("%1" %*)
    .REG files: (regedit.exe "%1";)
    .SCR files: ("%1" /S)
    .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
    .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


    FINISHED

    Logfile of HijackThis v1.99.0
    Scan saved at 20:52:22, on 10.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - C:\WINDOWS\system32\mlljg.dll (file missing)
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\cibqsecx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
    O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V5 - Unknown - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Protection Center Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec AVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe







  • Je gebruikt een oudere versie van HijackThis. Best dat je eerst update naar de nieuwste versie.
    Start HijackThis, Ga naar Config - Misc tools - Check for update online. Download de nieuwste versie, unzip het en plaats het in een eigen map (vb c:\hijackthis).
    (De nieuwste versie van HijackThis kan je ook hier downloaden).

    Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:573c2d5788]O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - C:\WINDOWS\system32\mlljg.dll (file missing)
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\cibqsecx.dll
    O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll[/b:573c2d5788]

    Klik daarna op "Fix checked" en sluit HijackThis af.

    Download [b:573c2d5788]VundoFix.exe[/b:573c2d5788] en plaats het op je bureaublad.
    Dubbelklik VundoFix.exe om het programma te starten.
    Klik op de knop [b:573c2d5788]Scan for Vundo[/b:573c2d5788].
    Als de scan klaar is, klik je op de knop "Remove Vundo".
    Er wordt gevraagd of je de bestanden wil verwijderen. Klik op "YES".
    Nadat je op de "YES" hebt geklikt, zullen de icoontjes op je bureaublad verdwijnen.
    Je krijgt een melding dat je PC zal afsluiten. Klik op "OK".
    Start je pc opnieuw.
    Post de inhoud van C:\vundofix.txt.
    Maak een nieuwe hijackthislog en post deze ook.
    [u:573c2d5788]Note:[/u:573c2d5788] Het is mogelijk dat vundofix een bestand gevonden heeft dat niet kon verwijderd worden.
    In dit geval zal VundoFix na het heropstarten van je pc nog eens opstarten. Dan moet je de instructies van hierboven nog eens uitvoeren vanaf: "Klik op de knop "Scan for Vundo".
  • Hallo M@rc,
    Ik had vandaag toch nog even tijd om de aanwijzingen door te voeren. VundoFix heeft inderdaad een paar dingen verwijderd. Hier volgen de logs van VundoFix en een nieuwe HijackThis. Hoe ziet het er nu uit? Alvast bedankt voor alle hulp…

    Sjouke.


    VundoFix V6.3.19

    Checking Java version…

    Java version is 1.5.0.11

    Scan started at 15:44:48 11.04.2007

    Listing files found while scanning….

    C:\WINDOWS\system32\cibqsecx.dll
    C:\WINDOWS\system32\gjllm.bak1
    C:\WINDOWS\system32\gjllm.bak2
    C:\WINDOWS\system32\gjllm.ini
    C:\WINDOWS\system32\gjllm.ini2
    C:\WINDOWS\system32\gjllm.tmp
    C:\WINDOWS\system32\mlljg.dll
    C:\WINDOWS\system32\vtutq.dll

    Beginning removal…

    Attempting to delete C:\WINDOWS\system32\cibqsecx.dll
    C:\WINDOWS\system32\cibqsecx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjllm.bak1
    C:\WINDOWS\system32\gjllm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjllm.bak2
    C:\WINDOWS\system32\gjllm.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjllm.ini
    C:\WINDOWS\system32\gjllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjllm.ini2
    C:\WINDOWS\system32\gjllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjllm.tmp
    C:\WINDOWS\system32\gjllm.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtutq.dll
    C:\WINDOWS\system32\vtutq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 16:04:10, on 11.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - C:\WINDOWS\system32\mlljg.dll (file missing)
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\cibqsecx.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {B6D95299-A8CA-44CF-BBCA-E00862C56C46} - C:\WINDOWS\system32\vtutq.dll (file missing)
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
    O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O20 - Winlogon Notify: jkkjhee - C:\WINDOWS\SYSTEM32\jkkjhee.dll
    O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



  • Dubbelklik VundoFix.exe om het programma te starten.
    Klik op de knop [b:29ac2a7db6]Scan for Vundo[/b:29ac2a7db6].
    Eenmaal de tool klaar is met scannen, controleer je of het volgende bestand voorkomt in de lijst van gevonden vundo files: (Indien alle bestanden voorkomen in de lijst, dan ga je verder met de fix vanaf het remove vundo gedeelte)
    [b:29ac2a7db6] C:\WINDOWS\system32\jkkjhee.dll[/b:29ac2a7db6]
    De bestanden die niet voorkomen in deze lijst voeg je op de volgende manier toe
    Rechtsklik je in het witte venster van Vundofix.
    Selecteer “Add More Files?” dat je in het menu zal zien. Dit zal een nieuw venster openen.
    In dat venster: Kopieer en plak je het volgende: [b:29ac2a7db6]C:\WINDOWS\system32\jkkjhee.dll[/b:29ac2a7db6]
    Wanneer je deze toegevoegd hebt, klik je op de knop "Add Files".
    Klik op de knop "Close Window".

    Remove vundo.
    Klik op de knop [b:29ac2a7db6]Remove Vundo[/b:29ac2a7db6].
    Je zal een melding krijgen of je de bestanden wilt laten verwijderen, klik nu op [b:29ac2a7db6]YES[/b:29ac2a7db6].
    Nadat je Yes hebt geklikt, zullen de icoontjes op je bureaublad verdwijnen tijdens het verwijderen van Vundo.
    Als de scan klaar is, klik je op de knop "Remove Vundo".
    Je krijgt een melding dat je PC zal afsluiten. Klik op "OK".
    Na de herstart post je de inhoud van C:\vundofix.txt.
    Maak een nieuwe hijackthislog en post deze ook.
    [u:29ac2a7db6]Note:[/u:29ac2a7db6] Het is mogelijk dat vundofix een bestand gevonden heeft dat niet kon verwijderd worden.
    In dit geval zal VundoFix na het heropstarten van je pc nog eens opstarten. Dan moet je de instructies van hierboven nog eens uitvoeren vanaf: "Klik op de knop "Scan for Vundo".
  • Okay, ik heb de aanwijzingen gevolgd. Hier volgen de log files.

    sjouke


    VundoFix V6.3.19

    Checking Java version…

    Java version is 1.5.0.11

    Scan started at 16:33:49 12.04.2007

    Listing files found while scanning….

    C:\WINDOWS\system32\cdeeg.bak1
    C:\WINDOWS\system32\cdeeg.bak2
    C:\WINDOWS\system32\cdeeg.ini
    C:\WINDOWS\system32\cdeeg.ini2
    C:\WINDOWS\system32\cdeeg.tmp
    C:\WINDOWS\system32\cghrvrsu.ini
    C:\WINDOWS\system32\geedc.dll
    C:\WINDOWS\system32\usrvrhgc.dll

    Beginning removal…

    Attempting to delete C:\WINDOWS\system32\cdeeg.bak1
    C:\WINDOWS\system32\cdeeg.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cdeeg.bak2
    C:\WINDOWS\system32\cdeeg.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cdeeg.ini
    C:\WINDOWS\system32\cdeeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cdeeg.ini2
    C:\WINDOWS\system32\cdeeg.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cdeeg.tmp
    C:\WINDOWS\system32\cdeeg.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cghrvrsu.ini
    C:\WINDOWS\system32\cghrvrsu.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\geedc.dll
    C:\WINDOWS\system32\geedc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkjhee.dll
    C:\WINDOWS\system32\jkkjhee.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\usrvrhgc.dll
    C:\WINDOWS\system32\usrvrhgc.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 16:49:27, on 12.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - (no file)
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll (file missing)
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {ABFA1730-C084-4541-B126-DF33CFE8570F} - C:\WINDOWS\system32\geedc.dll (file missing)
    O2 - BHO: (no name) - {B6D95299-A8CA-44CF-BBCA-E00862C56C46} - (no file)
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
    O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\usrvrhgc.dll",setvm
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



  • Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:5edf826074]O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - (no file)
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
    O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll (file missing)
    O2 - BHO: (no name) - {ABFA1730-C084-4541-B126-DF33CFE8570F} - C:\WINDOWS\system32\geedc.dll (file missing)
    O2 - BHO: (no name) - {B6D95299-A8CA-44CF-BBCA-E00862C56C46} - (no file)
    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\usrvrhgc.dll",setvm
    O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing)[/b:5edf826074]

    Klik daarna op "Fix checked" en sluit HijackThis af.


    Herstart de computer.

    Start HijackThis opnieuw, maak een nieuwe log en post deze.
  • Nogmaals een log file… hoe ziet het er nu uit? Wat was nu de oorzaak?
    In ieder geval geweldig voor de hulp.

    sjouke

    Logfile of HijackThis v1.99.1
    Scan saved at 19:46:31, on 12.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - (no file)
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
    O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



  • Je had last van een vundo-infectie.
    Cracksite bezocht soms??

    Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:37c5af350f]O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - (no file)[/b:37c5af350f]

    Klik daarna op "Fix checked" en sluit HijackThis af.

    De Java software op je computer is verouderd.
    Oudere versies hebben lekken die malware de kans geeft om zich te installeren.
    Voer eerst onderstaane stappen uit om Java te deïnstalleren en de nieuwste versie te installeren:
    * Download [b:37c5af350f]Java Runtime Environment (JRE) 6u1[/b:37c5af350f].
    [list:37c5af350f][*:37c5af350f]Scroll omlaag naar : "[i:37c5af350f]Java Runtime Environment (JRE) 6u1[/i:37c5af350f]".
    [*:37c5af350f]Klik op de "[b:37c5af350f]Download[/b:37c5af350f]" knop aan de rechterkant.
    [*:37c5af350f]Vink aan: "[b:37c5af350f][i:37c5af350f]Accept[/b:37c5af350f] License Agreement[/i:37c5af350f]".
    [*:37c5af350f]De pagina zal herladen.
    [*:37c5af350f]Klik op de link om [i:37c5af350f]Windows [b:37c5af350f]Offline[/b:37c5af350f] Installation[/i:37c5af350f] te downloaden met Meerdere-talen, en bewaar het naar je Bureaublad.
    [*:37c5af350f]Sluit alle programma's die eventueel open zijn - Zeker je web browser!
    [*:37c5af350f]Ga dan naar [b:37c5af350f]Start[/b:37c5af350f] > [b:37c5af350f]Configuratiescherm[/b:37c5af350f] > [b:37c5af350f]Software[/b:37c5af350f] en verwijder alle oudere versies van Java uit de Softwarelijst.
    [*:37c5af350f]Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
    [*:37c5af350f]Klik dan op [b:37c5af350f]Verwijderen[/b:37c5af350f] of op de [b:37c5af350f]Wijzig/Verwijder[/b:37c5af350f] knop.
    [*:37c5af350f]Herhaal dit tot alle oudere versies verdwenen zijn.
    [*:37c5af350f]Na het verwijderen van alle oudere versies, [b:37c5af350f]herstart[/b:37c5af350f] je pc.
    [*:37c5af350f]Dubbelklik vervolgens op [b:37c5af350f]jre-6u1-windows-i586-p.exe[/b:37c5af350f] op je Bureaublad om de nieuwste versie van Java te installeren.[/list:u:37c5af350f]

    Download ATF cleaner (gemaakt door Atribune)
    Dubbelklik op ATF cleaner om het programma te starten.
    In het venster "Main", plaats je een vinkje bij [b:37c5af350f]Select All[/b:37c5af350f].
    Klik op de knop [b:37c5af350f]Empty Selected[/b:37c5af350f].

    Gebruik je ook Firefox als browser:
    Klik op het tabblad "Firefox" en plaats een vinkje bij [b:37c5af350f]Select All[/b:37c5af350f].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords";)
    Klik op de knop [b:37c5af350f]Empty Selected[/b:37c5af350f].

    Gebruik je ook Opera als browser:
    Klik op het tabblad "Opera" en plaats een vinkje bij [b:37c5af350f]Select All[/b:37c5af350f].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:37c5af350f]Empty Selected[/b:37c5af350f].

    Ga naar het menu "Main" en klik op de knop [b:37c5af350f]Exit[/b:37c5af350f] om het programma af te sluiten.


    Zijn er nog problemen?
  • Okay, ik heb de laatste aanwijzingen ook doorgevoerd. en ja, inderdaad, ik had een cracksite bezocht, maar dat zal niet weer gebeuren :oops:

    de pop-up verschijnt tot nu toe niet meer. Is de log nu schoon? Ik wil je in ieder geval heel erg bedanken voor de snelle en professionele hulp.

    sjouke


    Logfile of HijackThis v1.99.1
    Scan saved at 20:51:16, on 12.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
    O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



  • Eigenlijk kun je de mensen niet genoeg waarschuwen voor cracksites.
    Een bezoekje aan dergelijke sites is vaak al voldoende om geïnfecteerd te raken.

    Hijackthislogje ziet er goed uit.

    Download Sophos-anti-rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
    Plaatst het op je bureaublad.
    Dubbelklik op sarsfx.exe om de bestanden uit te pakken. (aanvaard de standaardinstallatiemap)
    Open de map C:\SOPHTEMP en dubbelklik op sargui.exe om het programma te starten.
    Zorg dat aangevinkt zijn:
    - Running processes
    - Windows Registry
    - Local Hard Drives
    Klik op de knop "Start Scan".

    Wanneer je een melding krijgt dat de scan klaar is, klik je op de knop "OK" en sluit je het programma af.
    Ga naar Start - Uitvoeren en tik in: [b:62b8461ce4]%temp%\sarscan.log[/b:62b8461ce4]
    Er opent een kladblokbestandje. Post de inhoud van dit bestand.
  • Ik weet het, ik had die site ook niet moeten aanklikken. Hier volgt de log van de laatste tool.
    Ik vind het geweldig hoe je al die tools kent om spyware en dergelijke te verwijderen. Het blijft natuurlijk ook een van de zwakke punten van windows dat dit soort dingen kunnen gebeuren.

    sjouke


    Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
    Started logging on 12.04.2007 at 22:44:30
    Stopped logging on 12.04.2007 at 22:48:53
  • Ziet er goed uit.
    Zijn er nog problemen?
  • Bedankt voor alles. Er zijn in ieder geval geen pop ups meer. Het enige wat ik nog merk is, dat de muis (touchpad) instellingen niet behouden worden. Ik geef steeds aan, dat de cursore op de default moet gaan staan, maar die instelling verdwijnt iedere keer weer. Ik weet niet of dat er iets mee te maken heeft. Verder ziet alles er weer normaal uit. Nogmaals bedankt voor alle hulp.

    sjouke
  • Misschien de bijbehorende software een keer opnieuw installeren.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.