Strange pop-ups

16 replies
  • Hello, Lately I keep getting strange pop-ups (with XXX material). I have already run Adaware and Spybot, but that turns up nothing. When I try to run HijackThis, I cannot save a log. It disappears again immediately. How is that possible? I have WinXP Pro with all updates etc. Who can help me? Thanks in advance, sjouke
  • Download reglooks.exe (http://users.telenet.be/marcvn/tools/reglooks.exe) and place it on your desktop. Double-click reglooks.exe, do nothing else, and wait until a log file opens. Post the contents of that log file.
  • Hello, Thanks for the help. I ran this little program and the log file follows below. In the meantime I also had SpySweeper run a scan, and it found some spyware. As a result I can suddenly save a HijackThis log again. That follows below it. I cannot do any "repairing" again until Thursday. Thanks in advance for checking. The pop-up still appears. Sjouke
REGLOOKS logfile version 0.960 10.04.2007 20:53:49.93 running from: "C:\Documents and Settings\Sjouke Hoving\Desktop" --- SSODL regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad only standard or legit regkeys found --- STS regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler only standard or legit regkeys found --- USERINIT regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," --- SHELL regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="Explorer.exe" --- SYSTEM regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "System"="" --- APPINIT_DLLS regkey --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs"="" --- NOTIFY regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify "jkkjhee" "DllName"="jkkjhee.dll" "mlljg" "DllName"="C:\\WINDOWS\\system32\\mlljg.dll" "WRNotifier" "DllName"="WRLogonNTF.dll" --- RUN / LOAD regkeys --- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"="" --- BOOTEXECUTE regkey --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager BootExecute= autocheck autochk *\0\0 --- SHELLEXECUTEHOOKS regkey --- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{7F5FFCB8-4838-43CD-80EA-A7EC9C744281}"="" --- AUTORUN regkeys --- 
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor "AutoRun"="" --- HKLM\Run regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="\"nwiz.exe\" /installquiet" "NVHotkey"="\"rundll32.exe\" nvHotkey.dll,Start" "SigmatelSysTrayApp"="stsystra.exe" "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\"" "Dell QuickSet"="\"C:\\Program Files\\Dell\\QuickSet\\quickset.exe\"" "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" [Run\OptionalComponents] [Run\OptionalComponents\IMAIL] "Installed"="1" [Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [Run\OptionalComponents\MSFS] "Installed"="1" --- HKLM\RunOnce regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce no HKLM RunOnce keys found --- HKLM\RunOnceEx regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx no HKLM RunOnceEx keys found --- HKLM\RunServices regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices no HKLM RunServices keys found --- HKLM\RunServicesOnce regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce regkey does not exist --- HKCU\Run regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" --- HKCU\RunOnce regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce no HKCU RunOnce keys found --- HKCU\RunOnceEx regkeys --- 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx no HKCU RunOnceEx keys found --- HKCU\RunServices regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices no HKCU RunServices keys found --- HKCU\RunServicesOnce regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce regkey does not exist --- HKU\.DEFAULT\Run regkeys --- HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" --- HKU\S-1-5-18\Run regkeys --- HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" --- HKU\S-1-5-19\Run regkeys --- HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" --- HKU\S-1-5-20\Run regkeys --- HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" --- HKLM\Explorer\Run regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run regkey does not exist --- HKCU\Explorer\Run regkeys --- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run regkey does not exist --- Image File Execution regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options no debuggers found --- BROWSER HELPER OBJECTS regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR) "{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll" "{6785976E-2714-4920-9E89-FEC988C606F4}" FILE ="C:\\WINDOWS\\system32\\mlljg.dll" "{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}" FILE ="C:\\WINDOWS\\system32\\cibqsecx.dll" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll" "{7F5FFCB8-4838-43CD-80EA-A7EC9C744281}" FILE 
="C:\\WINDOWS\\system32\\jkkjhee.dll" "{9ECB9560-04F9-4bbc-943D-298DDF1699E1}" FILE ="C:\\Program Files\\Common Files\\Symantec Shared\\AdBlocking\\NISShExt.dll" "{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}" FILE ="C:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NavShExt.dll" --- TOOLBAR regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}" FILE ="C:\\Program Files\\Common Files\\Symantec Shared\\AdBlocking\\NISShExt.dll" "{C4069E3A-68F1-403E-B40E-20066696354B}" FILE ="C:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NavShExt.dll" --- URLSEARCHHOOKS regkeys --- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks only standard regkeys found --- SRCEENSAVER regkey --- HKEY_CURRENT_USER\Control Panel\Desktop "SCRNSAVE.EXE"="C:\\WINDOWS\\System32\\TELETE~1.SCR" --- CONTEXTMENUHANDLERS regkeys --- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers "Cover Designer" CLSID ={73FCA462-9BD5-4065-A73F-A8E5F6904EF7} FILE ="C:\\Program Files\\Nero\\Nero 7\\Nero CoverDesigner\\CoverEdExtension.dll" "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll "Symantec.Norton.Antivirus.IEContextMenu" CLSID ={FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} FILE ="C:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NavShExt.dll" "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll" "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll "Offline Files" CLSID 
={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll" "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll" HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers "SpySweeper" CLSID ={7C9D5882-CB4A-4090-96C8-430BFE8B795B} FILE ="C:\\PROGRA~1\\Webroot\\SPYSWE~1\\SSCtxMnu.dll" "Symantec.Norton.Antivirus.IEContextMenu" CLSID ={FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} FILE ="C:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\NavShExt.dll" "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll" --- ALTERNATESHELL regkey --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot "AlternateShell"="cmd.exe" --- SAFEBOOT MINIMAL SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal no unknown services found --- SAFEBOOT NETWORK SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network no unknown services found --- SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeActiveFileMonitor5.0 "DisplayName"="Adobe Active File Monitor V5" C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP "DisplayName"="AEGIS Protocol (IEEE 802.1x) v3.6.0.0" system32\DRIVERS\AegisP.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AnyDVD "DisplayName"="AnyDVD" System32\Drivers\AnyDVD.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APPDRV "DisplayName"="APPDRV" \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Automatisches LiveUpdate - Scheduler "DisplayName"="Automatisches LiveUpdate - Scheduler" "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BANTExt "DisplayName"="Belarc SMBios Access" 
\SystemRoot\System32\Drivers\BANTExt.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bcm4sbxp "DisplayName"="Broadcom 440x 10/100 Integrated Controller XP Driver" system32\DRIVERS\bcm4sbxp.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btaudio "DisplayName"="Bluetooth-Audiogerät" system32\drivers\btaudio.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTDriver "DisplayName"="Virtueller Bluetooth-Kommunikationstreiber" system32\DRIVERS\btport.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTKRNL "DisplayName"="Bluetooth-Bus-Enumerator" system32\DRIVERS\btkrnl.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTSERIAL "DisplayName"="Bluetooth Serial Driver" \??\C:\WINDOWS\system32\drivers\btserial.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwdins "DisplayName"="Bluetooth Service" C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTWDNDIS "DisplayName"="Bluetooth-LAN-Zugangsserver" system32\DRIVERS\btwdndis.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwhid system32\DRIVERS\btwhid.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwmodem "DisplayName"="Bluetooth-Modem" system32\DRIVERS\btwmodem.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTWUSB "DisplayName"="WIDCOMM USB Bluetooth Driver" System32\Drivers\btwusb.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgr "DisplayName"="Symantec Event Manager" "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccISPwdSvc "DisplayName"="Symantec Internet Security Password Validation" "C:\Program Files\Norton Internet Security\ccPwdSvc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccProxy "DisplayName"="Symantec Network Proxy" "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSetMgr "DisplayName"="Symantec Settings Manager" 
"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\comHost "DisplayName"="COM Host" "C:\Program Files\Norton Internet Security\comHost.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eeCtrl "DisplayName"="Symantec Eraser Control driver" \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ElbyCDFL "DisplayName"="ElbyCDFL" System32\Drivers\ElbyCDFL.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ElbyCDIO "DisplayName"="ElbyCDIO Driver" System32\Drivers\ElbyCDIO.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ElbyDelay "DisplayName"="ElbyDelay" System32\Drivers\ElbyDelay.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EraserUtilRebootDrv "DisplayName"="EraserUtilRebootDrv" \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng "DisplayName"="Intel(R) PROSet/Wireless Event Log" C:\Program Files\Intel\Wireless\Bin\EvtEng.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gusvc "DisplayName"="Google Updater Service" "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus "DisplayName"="Microsoft UAA Bus Driver for High Definition Audio" system32\DRIVERS\HDAudBus.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb "DisplayName"="Microsoft HID Class Driver" system32\DRIVERS\hidusb.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPZid412 "DisplayName"="IEEE-1284.4 Driver HPZid412" system32\DRIVERS\HPZid412.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPZipr12 "DisplayName"="Print Class Driver for IEEE-1284.4 HPZipr12" system32\DRIVERS\HPZipr12.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HPZius12 "DisplayName"="USB to IEEE-1284.4 Translation Driver HPZius12" system32\DRIVERS\HPZius12.sys 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HSFHWAZL system32\DRIVERS\HSFHWAZL.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HSF_DPV system32\DRIVERS\HSF_DPV.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm "DisplayName"="Intel Processor Driver" System32\DRIVERS\intelppm.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid "DisplayName"="Keyboard HID Driver" system32\DRIVERS\kbdhid.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdate "DisplayName"="LiveUpdate" "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid "DisplayName"="Mouse HID Driver" System32\DRIVERS\mouhid.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\navapsvc "DisplayName"="Norton AntiVirus Auto-Protect-Dienst" "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVENG "DisplayName"="NAVENG" \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070410.022\NAVENG.Sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVEX15 "DisplayName"="NAVEX15" \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070410.022\NavEx15.Sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NBService "DisplayName"="NBService" C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETw3x32 "DisplayName"="Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit" system32\DRIVERS\NETw3x32.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NMIndexingService "DisplayName"="NMIndexingService" "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSCService "DisplayName"="Norton Protection Center Service" "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12 "DisplayName"="Pml Driver HPZ12" 
C:\WINDOWS\system32\HPZipm12.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PxHelp20 "DisplayName"="PxHelp20" System32\Drivers\PxHelp20.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc "DisplayName"="Intel(R) PROSet/Wireless Registry Service" C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry "DisplayName"="Remote Registry" %SystemRoot%\system32\svchost.exe -k LocalService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor "DisplayName"="Intel(R) PROSet/Wireless Service" C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans "DisplayName"="WLAN-Transport" system32\DRIVERS\s24trans.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRT "DisplayName"="SAVRT" \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVRTPEL "DisplayName"="SAVRTPEL" \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVScan "DisplayName"="Symantec AVScan" "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScsiPort %SystemRoot%\system32\drivers\scsiport.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdbus System32\DRIVERS\sdbus.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNDSrvc "DisplayName"="Symantec Network Drivers Service" "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv "DisplayName"="SPBBCDrv" \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCSvc "DisplayName"="Symantec SPBBCSvc" "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSFS0509 
"DisplayName"="Spy Sweeper File System Filer Driver: 0509" SYSTEM32\Drivers\SSFS0509.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHRMD "DisplayName"="Spy Sweeper Hookrack MiniDriver" SYSTEM32\Drivers\SSHRMD.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSIDRV "DisplayName"="Spy Sweeper Interdiction Driver" SYSTEM32\Drivers\SSIDRV.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSKBFD "DisplayName"="Webroot Spy Sweeper Keylogger Shield Keyboard Filter" System32\Drivers\sskbfd.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STHDA "DisplayName"="SigmaTel High Definition Audio CODEC" system32\drivers\sthda.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec Core LC "DisplayName"="Symantec Core LC" "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMDNS \SystemRoot\System32\Drivers\SYMDNS.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMFW \SystemRoot\System32\Drivers\SYMFW.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMIDS \SystemRoot\System32\Drivers\SYMIDS.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMIDSCO \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070405.003\symidsco.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symlcbrd "DisplayName"="symlcbrd" \??\C:\WINDOWS\system32\drivers\symlcbrd.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMNDIS \SystemRoot\System32\Drivers\SYMNDIS.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMREDRV \SystemRoot\System32\Drivers\SYMREDRV.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI "DisplayName"="SYMTDI" \SystemRoot\System32\Drivers\SYMTDI.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SynPS2Enable no imagepath 
value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp "DisplayName"="Microsoft USB Generic Parent Driver" system32\DRIVERS\usbccgp.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint "DisplayName"="Microsoft USB PRINTER Class" system32\DRIVERS\usbprint.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan "DisplayName"="USB Scanner Driver" system32\DRIVERS\usbscan.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebrootSpySweeperService "DisplayName"="Webroot Spy Sweeper Engine" "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winachsf system32\DRIVERS\HSF_CNXT.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WLANKEEPER "DisplayName"="Intel(R) PROSet/Wireless SSO Service" C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi "DisplayName"="Windows Management Instrumentation Driver Extensions" %SystemRoot%\System32\svchost.exe -k netsvcs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiAcpi "DisplayName"="Microsoft Windows Management Interface for ACPI" System32\DRIVERS\wmiacpi.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpdUsb "DisplayName"="WpdUsb" system32\DRIVERS\wpdusb.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{264F368C-E941-46CA-A814-6159726E5C68} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{7FAA19EF-5B8C-4E00-936D-8690A32506FA} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{900A5B8E-9C07-417F-88DD-92639F0FDE8D} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{B920C862-0615-427F-BB7E-C800F8D3925F} no imagepath value found --- SECURITYPROVIDERS regkey --- HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, 
msnsspc.dll" --- SVCHOST regkey --- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService: DnsCache\0\0 netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0xmlprov\0wscsvc\0WmdmPmSN\0\0 rpcss: RpcSs\0\0 imgsvc: StiSvc\0\0 termsvcs: TermService\0\0 HTTPFilter: HTTPFilter\0\0 DcomLaunch: DcomLaunch\0TermService\0\0 WudfServiceGroup: WUDFSvc\0\0 --- WOW-CMDLINE regkeys --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW "cmdline" = %SystemRoot%\system32\ntvdm.exe "wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 --- STARTUP FOLDERS --- C:\Documents and Settings\Sjouke Hoving\Start Menu\Programs\Startup\desktop.ini C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini --- TASK SCHEDULER JOBS --- C:\WINDOWS\tasks\Norton AntiVirus - Vollst„ndige Systemprfung ausfhren - Sjouke Hoving.job --- File associations --- .BAT files: ("%1" %*) .COM files: ("%1" %*) .EXE files: ("%1" %*) .HLP files: (%SystemRoot%\System32\winhlp32.exe %1) .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*) .PIF files: ("%1" %*) .REG files: (regedit.exe "%1") .SCR files: ("%1" /S) .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1) .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*) FINISHED Logfile of HijackThis v1.99.0 Scan saved at 20:52:22, on 10.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 
(7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - C:\WINDOWS\system32\mlljg.dll (file missing) O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\cibqsecx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] 
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Active File Monitor V5 - Unknown - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service - Broadcom Corporation. 
- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norton Protection Center Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan - Symantec Corporation - C:\Program 
Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • You are using an older version of HijackThis. It is best to update to the latest version first. Start HijackThis and go to Config - Misc tools - Check for update online. Download the latest version, unzip it and place it in a folder of its own (e.g. c:\hijackthis). (You can also download the latest version of HijackThis [url=http://www.downloads.subratam.org/hijackthis.zip]here[/url].) Close all open windows, run HijackThis once more and tick the following items: [b]O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - C:\WINDOWS\system32\mlljg.dll (file missing) O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\cibqsecx.dll O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll[/b] Then click "Fix checked" and close HijackThis. Download [url=http://www.atribune.org/ccount/click.php?id=4][b]VundoFix.exe[/b][/url] and place it on your desktop. Double-click VundoFix.exe to start the program. Click the [b]Scan for Vundo[/b] button. When the scan is finished, click the "Remove Vundo" button. You will be asked whether you want to delete the files. Click "YES". After you have clicked "YES", the icons on your desktop will disappear. You will get a message that your PC will shut down. Click "OK". Restart your PC. Post the contents of C:\vundofix.txt. Make a new HijackThis log and post that as well. [u]Note:[/u] It is possible that VundoFix found a file that could not be deleted. In that case VundoFix will start once more after your PC has restarted. You then have to carry out the instructions above again, starting from: "Click the Scan for Vundo button".
  • Hello M@rc, I did find some time today after all to carry out the instructions. VundoFix did indeed remove a few things. Here are the VundoFix log and a new HijackThis log. How does it look now? Thanks in advance for all the help... Sjouke. VundoFix V6.3.19 Checking Java version... Java version is 1.5.0.11 Scan started at 15:44:48 11.04.2007 Listing files found while scanning.... C:\WINDOWS\system32\cibqsecx.dll C:\WINDOWS\system32\gjllm.bak1 C:\WINDOWS\system32\gjllm.bak2 C:\WINDOWS\system32\gjllm.ini C:\WINDOWS\system32\gjllm.ini2 C:\WINDOWS\system32\gjllm.tmp C:\WINDOWS\system32\mlljg.dll C:\WINDOWS\system32\vtutq.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\cibqsecx.dll C:\WINDOWS\system32\cibqsecx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gjllm.bak1 C:\WINDOWS\system32\gjllm.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\gjllm.bak2 C:\WINDOWS\system32\gjllm.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\gjllm.ini C:\WINDOWS\system32\gjllm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\gjllm.ini2 C:\WINDOWS\system32\gjllm.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\gjllm.tmp C:\WINDOWS\system32\gjllm.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\vtutq.dll C:\WINDOWS\system32\vtutq.dll Has been deleted! Performing Repairs to the registry. Done! 
Logfile of HijackThis v1.99.1 Scan saved at 16:04:10, on 11.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - C:\WINDOWS\system32\mlljg.dll (file missing) O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\cibqsecx.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {B6D95299-A8CA-44CF-BBCA-E00862C56C46} - C:\WINDOWS\system32\vtutq.dll (file missing) O3 - Toolbar: Norton Internet Security 2006 - 
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab O20 - Winlogon Notify: jkkjhee - C:\WINDOWS\SYSTEM32\jkkjhee.dll O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Automatisches LiveUpdate - Scheduler - 
Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - 
Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • Double-click VundoFix.exe to start the program. Click the [b]Scan for Vundo[/b] button. Once the tool has finished scanning, check whether the following file appears in the list of Vundo files found: (If all files appear in the list, continue with the fix from the "Remove Vundo" part.) [b]C:\WINDOWS\system32\jkkjhee.dll[/b] Add the files that do not appear in this list as follows. Right-click in the white window of VundoFix. Select "Add More Files?", which you will see in the menu. This opens a new window. In that window, copy and paste the following: [b]C:\WINDOWS\system32\jkkjhee.dll[/b] When you have added it, click the "Add Files" button. Click the "Close Window" button. Remove Vundo. Click the [b]Remove Vundo[/b] button. You will be asked whether you want the files to be deleted; now click [b]YES[/b]. After you have clicked Yes, the icons on your desktop will disappear while Vundo is being removed. When the scan is finished, click the "Remove Vundo" button. You will get a message that your PC will shut down. Click "OK". After the restart, post the contents of C:\vundofix.txt. Make a new HijackThis log and post that as well. [u]Note:[/u] It is possible that VundoFix found a file that could not be deleted. In that case VundoFix will start once more after your PC has restarted. You then have to carry out the instructions above again, starting from: "Click the Scan for Vundo button".
  • Okay, I have followed the instructions. Here are the log files. sjouke VundoFix V6.3.19 Checking Java version... Java version is 1.5.0.11 Scan started at 16:33:49 12.04.2007 Listing files found while scanning.... C:\WINDOWS\system32\cdeeg.bak1 C:\WINDOWS\system32\cdeeg.bak2 C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.ini2 C:\WINDOWS\system32\cdeeg.tmp C:\WINDOWS\system32\cghrvrsu.ini C:\WINDOWS\system32\geedc.dll C:\WINDOWS\system32\usrvrhgc.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\cdeeg.bak1 C:\WINDOWS\system32\cdeeg.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\cdeeg.bak2 C:\WINDOWS\system32\cdeeg.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\cdeeg.ini2 C:\WINDOWS\system32\cdeeg.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\cdeeg.tmp C:\WINDOWS\system32\cdeeg.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\cghrvrsu.ini C:\WINDOWS\system32\cghrvrsu.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\geedc.dll C:\WINDOWS\system32\geedc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jkkjhee.dll C:\WINDOWS\system32\jkkjhee.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\usrvrhgc.dll C:\WINDOWS\system32\usrvrhgc.dll Has been deleted! Performing Repairs to the registry. Done! 
Logfile of HijackThis v1.99.1 Scan saved at 16:49:27, on 12.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Internet 
Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - (no file) O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll (file missing) O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {ABFA1730-C084-4541-B126-DF33CFE8570F} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: (no name) - {B6D95299-A8CA-44CF-BBCA-E00862C56C46} - (no file) O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: 
Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\usrvrhgc.dll",setvm O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom 
Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) 
- Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • Close all open windows, run HijackThis once more and tick the following items: [b]O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - (no file) O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file) O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll (file missing) O2 - BHO: (no name) - {ABFA1730-C084-4541-B126-DF33CFE8570F} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: (no name) - {B6D95299-A8CA-44CF-BBCA-E00862C56C46} - (no file) O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\usrvrhgc.dll",setvm O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing)[/b] Then click "Fix checked" and close HijackThis. Restart the computer. Start HijackThis again, make a new log and post it.
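The cross-check behind the fix list in the post above, as an added example that is not part of the original thread: it compares a HijackThis log with a VundoFix log and reports autostart entries that still point at files the cleanup removed. The function names (`deleted_files`, `split_entries`, `triage`) are made up for this sketch, the sample text is excerpted from the 12.04.2007 logs on this page, and paths in the VundoFix log are assumed to contain no spaces.

```python
import re

# Excerpts from the 12.04.2007 logs posted in this thread, trimmed to the
# relevant entries. A real HijackThis log has one entry per line; the parser
# also accepts the flattened form in which the logs appear on this page.
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geedc.dll C:\WINDOWS\system32\geedc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjhee.dll C:\WINDOWS\system32\jkkjhee.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\usrvrhgc.dll C:\WINDOWS\system32\usrvrhgc.dll Has been deleted!
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6785976E-2714-4920-9E89-FEC988C606F4} - (no file)
O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - C:\WINDOWS\system32\jkkjhee.dll (file missing)
O2 - BHO: (no name) - {ABFA1730-C084-4541-B126-DF33CFE8570F} - C:\WINDOWS\system32\geedc.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\usrvrhgc.dll",setvm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# An entry starts with a section code such as "R1 - ", "O2 - " or "O20 - ".
ENTRY_START = re.compile(r"\s+(?=(?:[RFN]\d|O\d{1,2}) - )")
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$", re.S)
# Drive-letter path ending in .dll/.exe; spaces inside the path are allowed.
FILE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.I)
DELETED = re.compile(r"([A-Za-z]:\\\S+)\s+Has been deleted!")
MISSING_MARKERS = ("(file missing)", "(no file)")


def deleted_files(vundofix_text):
    """Return the lower-cased paths that VundoFix reports as deleted."""
    return {path.lower() for path in DELETED.findall(vundofix_text)}


def split_entries(hijackthis_text):
    """Split a HijackThis log (per-line or flattened) into (section, body)."""
    entries = []
    for chunk in ENTRY_START.split(hijackthis_text.strip()):
        match = ENTRY.match(chunk.strip())
        if match:  # header and process-list text has no section code
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(hijackthis_text, vundofix_text):
    """Return (section, reason, body) for entries that look orphaned.

    reason "deleted": the entry references a file VundoFix deleted. This
                      catches the O4 Run line, which carries no marker.
    reason "missing": HijackThis itself marked the file as absent. Review
                      these by hand: the O9 line uses an unexpanded %windir%
                      path and is not on the helper's fix list.
    """
    gone = deleted_files(vundofix_text)
    findings = []
    for section, body in split_entries(hijackthis_text):
        # Windows paths are case-insensitive (system32 vs SYSTEM32).
        paths = {path.lower() for path in FILE_PATH.findall(body)}
        if paths & gone:
            findings.append((section, "deleted", body))
        elif any(marker in body for marker in MISSING_MARKERS):
            findings.append((section, "missing", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(HIJACKTHIS_LOG, VUNDOFIX_LOG):
        print(f"{section:<4}{reason:<9}{body}")
```

The mlljg.dll entry is reported only through HijackThis's own marker, because that file is not in this VundoFix run's deletion list.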
  • Another log file... how does it look now? What was the cause? In any case, many thanks for the help. sjouke Logfile of HijackThis v1.99.1 Scan saved at 19:46:31, on 12.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - (no file) O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program 
Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 
- Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: 
Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • You had a Vundo infection. Visited a crack site, perhaps??

    Close all open windows, run HijackThis once more and place a check mark next to the following items:

    O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - (no file)

    Then click "Fix checked" and close HijackThis.

    The Java software on your computer is outdated. Older versions have vulnerabilities that give malware the chance to install itself. First carry out the steps below to uninstall Java and install the latest version:

    * Download Java Runtime Environment (JRE) 6u1: http://java.sun.com/javase/downloads/index.jsp
    * Scroll down to: "Java Runtime Environment (JRE) 6u1".
    * Click the "Download" button on the right.
    * Check: "Accept License Agreement".
    * The page will reload.
    * Click the link to download Windows Offline Installation, Multi-language, and save it to your Desktop.
    * Close all programs that may be open - especially your web browser!
    * Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list.
    * Check everything with Java Runtime Environment (JRE or J2SE) in the name.
    * Then click Remove or the Change/Remove button.
    * Repeat this until all older versions are gone.
    * After removing all older versions, restart your PC.
    * Then double-click jre-6u1-windows-i586-p.exe on your Desktop to install the latest version of Java.

    Download ATF cleaner (made by Atribune): http://www.atribune.org/ccount/click.php?id=1

    Double-click ATF cleaner to start the program. In the "Main" window, check Select All. Click the Empty Selected button.

    If you also use Firefox as a browser: click the "Firefox" tab and check Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the check mark from "Firefox saved passwords" again). Click the Empty Selected button.

    If you also use Opera as a browser: click the "Opera" tab and check Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.

    Go to the "Main" menu and click the Exit button to close the program.

    Are there any remaining problems?
  • Okay, I have carried out the latest instructions as well. And yes, indeed, I had visited a crack site, but that will not happen again :oops: The pop-up has not appeared again so far. Is the log clean now? In any case I want to thank you very much for the quick and professional help.

    sjouke

    Logfile of HijackThis v1.99.1
    Scan saved at 20:51:16, on 12.04.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Sjouke Hoving\Desktop\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
    O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175759573296
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • Really, you cannot warn people enough about crack sites. A visit to such sites is often enough to get infected. The HijackThis log looks good.

    Download Sophos Anti-Rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

    Place it on your desktop. Double-click sarsfx.exe to extract the files (accept the default installation folder). Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program. Make sure the following are checked:

    - Running processes
    - Windows Registry
    - Local Hard Drives

    Click the "Start Scan" button. When you get a message that the scan is finished, click the "OK" button and close the program. Go to Start - Run and type: %temp%\sarscan.log

    A Notepad file opens. Post the contents of this file.
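The manual triage in the two helper replies above (spotting the entry whose file is gone, then confirming in the next scan that it has disappeared) can be scripted. This is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical, and the sample lines are excerpted from the two logs posted in this thread.

```python
import re

# Entries excerpted from the first HijackThis log in this thread (before the fix).
BEFORE = r"""Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7F5FFCB8-4838-43CD-80EA-A7EC9C744281} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Entries excerpted from the second log (after "Fix checked" and the Java update).
AFTER = r"""Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log):
    """Return (section_code, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def missing_targets(entries):
    """Entries whose registered file no longer exists on disk."""
    return [e for e in entries if e[1].endswith(MISSING_MARKERS)]


def entry_key(entry):
    """Identify an entry by section, kind and CLSID so a changed path is not seen as new."""
    code, detail = entry
    guid = GUID.search(detail)
    if guid:
        kind = detail.split(":", 1)[0]  # e.g. "BHO" or "Extra button"
        return (code, kind, guid.group(0).upper())
    return (code, detail)


def compare(before, after):
    """Return (removed, added, changed) entries between two scans."""
    old = {entry_key(e): e for e in before}
    new = {entry_key(e): e for e in after}
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    changed = [(old[k], new[k]) for k in old if k in new and old[k] != new[k]]
    return removed, added, changed


if __name__ == "__main__":
    first, second = parse_entries(BEFORE), parse_entries(AFTER)
    print("review (target missing):", missing_targets(first))
    removed, added, changed = compare(first, second)
    print("removed:", removed)
    print("added:  ", added)
    print("changed:", changed)
```

A missing target is a reason to review an entry, not a verdict: the O9 entry is flagged in both scans, and the helper in this thread asked only for the O2 entry to be fixed.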
  • I know, I should not have clicked on that site. Here follows the log of the last tool. I think it's great how you know all those tools for removing spyware and the like. Of course it also remains one of the weak points of Windows that this kind of thing can happen.

    sjouke

    Sophos Anti-Rootkit Version 1.2 (data 1.01) (c) 2006 Sophos Plc
    Started logging on 12.04.2007 at 22:44:30
    Stopped logging on 12.04.2007 at 22:48:53
  • Looks good. Are there any remaining problems?
  • Thanks for everything. In any case there are no more pop-ups. The only thing I still notice is that the mouse (touchpad) settings are not kept. I keep specifying that the cursor should go to the default, but that setting disappears every time. I don't know whether that has anything to do with it. Otherwise everything looks normal again. Thanks again for all the help.

    sjouke
  • Maybe reinstall the accompanying software once.
