PC messed up...

pimvandenderen
18 replies
  • Removed Delsimdialer, but it doesn't seem to have been removed completely. There may be some extra junk on the PC that I don't know the details of.

    I'd appreciate help with this HijackThis log…

    Logfile of HijackThis v1.97.7
    Scan saved at 20:05:55, on 28-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\WinDV.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\CDSpeed.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless\Client Manager\CMags.EXE
    C:\WINDOWS\system32\wuauclt.exe
    D:\Documents and Settings\gebruiker\Bureaublad\HijackThis.exe
    C:\WINDOWS\system32\notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F0 - system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
    O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Wireless Client Manager.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab

  • You have a very old version of HijackThis.

    Download the HijackThis setup to your Desktop.

    Open HJTInstall and choose the location where you want to install HijackThis.
    Then press Install; after a few seconds HijackThis will open automatically.
    Now choose 'Do a system scan and save a logfile'.
    A Notepad file with a log will open. Select all of the text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post.

    Good luck! 8)

    Pim
  • Thanks in advance for the reply, here is the new log..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:51:25, on 28-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\WinDV.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\CDSpeed.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless\Client Manager\CMags.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
    O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Wireless Client Manager.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe


    End of file - 8640 bytes

  • I see several active virus scanners in your log. Multiple virus scanners will conflict
    with each other and can cause problems. I therefore recommend uninstalling either Avast or Norman
    via Start -> Control Panel -> Add or Remove Programs.

    Also remove the program Seekmo there.

    If you haven't done so yet, restart your PC.

    Start HijackThis, choose 'Do a system scan only' and tick the lines below, if still present:

    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"

    Now close all open windows except HijackThis and click Fix Checked.

    Delete the following file:
    C:\Windows\WinDV.exe

    And the following folder:
    C:\Program Files\Seekmo

    Download Deckard's System Scanner to your Desktop

    * Close all applications and windows.
    * Double-click dss.exe to run it, and follow the prompts.
    * When the scan is complete, a text file, main.txt, will open.
    * Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.
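The structural checks behind several of the lines picked out in the reply above, as an added example that is not part of the original thread or of HijackThis itself. The function names `parse`, `shell_extras` and `triage` are hypothetical, the sample lines are excerpted from the second log in this thread, and the code assumes paths in the Shell value contain no spaces.

```python
import re
from ntpath import basename  # handles backslash paths on any platform

# Sample input: lines excerpted from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Address prefixes that only block or localise a host name instead of redirecting it.
LOOPBACK = ("127.", "0.0.0.0", "::1")


def parse(log_text):
    """Return (code, body) pairs for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def shell_extras(body):
    """Return the programs in a Winlogon Shell value other than Explorer.exe."""
    match = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
    if not match:
        return []
    # Assumption for this example: entries are separated by spaces or commas
    # and the paths themselves contain no spaces.
    tokens = [t for t in re.split(r"[,\s]+", match.group(1)) if t]
    return [t for t in tokens if basename(t).lower() != "explorer.exe"]


def triage(log_text):
    """Return (code, reason, body) for entries that deserve a closer look."""
    entries = parse(log_text)
    findings = []
    shell_binaries = set()

    for code, body in entries:
        if code in ("F0", "F2") and "shell=" in body.lower():
            extras = shell_extras(body)
            if extras:
                # Anything after Explorer.exe is started at every logon.
                shell_binaries.update(basename(e).lower() for e in extras)
                findings.append((code, "shell-extra", body))
        elif code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            # A host name pinned to a routable address overrides DNS for that name.
            if len(fields) >= 2 and not fields[0].startswith(LOOPBACK):
                findings.append((code, "hosts-redirect", body))
        elif code == "O2" and body.endswith("(no file)"):
            # The BHO is still registered, but its DLL is no longer on disk.
            findings.append((code, "orphan-bho", body))

    # Second pass: a service whose image is the same binary that was appended
    # to the Shell value has a second way to start, so it must be removed too.
    for code, body in entries:
        if code == "O23":
            image = body.rsplit(" - ", 1)[-1]
            if basename(image).lower() in shell_binaries:
                findings.append((code, "service-matches-shell", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{reason:22} {code} - {body}")
```

Entries that are recognised by product name, such as the Seekmo Run keys, need reputation data and are not covered by these checks.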
  • I couldn't find Windv.exe. I had the PC searched, but it only found a windv.exe.pf in windows/prefetch or something. Should I delete that??

    Everything else went smoothly. I ran the DSS scan, but that PC is not connected to the internet for the evening, so DSS couldn't go online. Is that necessary? I could arrange internet for that PC if needed, but I don't want to run the risk that the whole network ends up full of my colleague's junk :)

    Anyway, here is the DSS log:

    Deckard's System Scanner v20070826.66
    Run by gebruiker on 2007-08-28 21:34:36
    Computer is in Normal Mode.
    ——————————————————————————–

    – System Restore ————————————————————–

    Successfully created a Deckard's System Scanner Restore Point.


    – Last 2 Restore Point(s) –
    2: 2007-08-28 19:34:42 UTC - RP2 - Deckard's System Scanner Restore Point
    1: 2007-08-27 18:20:41 UTC - RP1 - Controlepunt van systeem


    Backed up registry hives.
    Performed disk cleanup.

  • Download OTMoveIt and put it on your desktop

    * Double-click OTMoveIt.exe to start the tool.
    * Copy (select and press Ctrl-C) all of the bold, blue text below:
  • C:\WINDOWS\WinDV.exe moved successfully.
    C:\WINDOWS\chcp.exe moved successfully.
    C:\Program Files\Common Files\delsim moved successfully.
    D:\Documents and Settings\All Users\Application Data\SeekmoSA moved successfully.
    D:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 moved successfully.
    D:\Documents and Settings\gebruiker\Application Data\Seekmo moved successfully.

    Created on 08-28-2007 22:09:23

    So I didn't have to reboot the PC; I ran DSS straight afterwards, here is the result:

    Deckard's System Scanner v20070826.66
    Run by gebruiker on 2007-08-28 22:10:44
    Computer is in Normal Mode.
    ——————————————————————————–

  • I think I'm really asleep over here, I overlooked something drastic :oops:

    Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe

    Now close all open windows except HijackThis and click Fix Checked.

    * Double-click OTMoveIt.exe to start the tool.
    * Copy (select and press Ctrl-C) all of the bold, blue text below:
  • File/Folder C:\WINDOWS\CDSpeed.exe not found.
    C:\WINDOWS\WinDV.exe moved successfully.
    File/Folder C:\WINDOWS\sndrec32.exe not found.
    File move failed. C:\WINDOWS\system32\ftp.exe scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\tftp.exe scheduled to be moved on reboot.

    Created on 08-28-2007 23:29:32

    That is the OTMoveIt output; this time it did say I had to reboot. So after the reboot I went through the same procedure once more. I wasn't sure whether just rebooting was enough. I don't remember exactly what it reported before the reboot; I think only that it couldn't move tftp and ftp.exe. The rest was successful, but I'm not sure….

    Here is the DSS log:

    Deckard's System Scanner v20070826.66
    Run by gebruiker on 2007-08-28 23:30:46
    Computer is in Normal Mode.
    ——————————————————————————–

  • Is the PC more or less clean of junk now, or do I need to go through some more steps??

    That windv.exe, for example, should I delete it now?

    Thanks in advance
  • Hi,

    I'm currently working on a fix, but it takes quite a bit of research. There is definitely still some stuff on there. I'll post my fix tonight.

    Pim
  • OK great, thanks for all the effort, much appreciated _o_

    I'll wait patiently.

    Regards.
  • OK, we're going to take a different approach. Fortunately the ComboFix tool is available again.

    1. Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe

    Now close all open windows except HijackThis and click Fix Checked.

    2.
    Download ComboFix to your desktop

    Open Notepad, then copy and paste the following (bold text) into an empty window:

    File::
    C:\WINDOWS\WinDV.exe
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\rstrui.exe

    Driver::
    Windows Drivers Version

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"=-


    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck!

    Pim
  • ComboFix 07-08-30.1 - "gebruiker" 2007-08-29 22:02:19.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.298 [GMT 2:00]
    Command switches used :: D:\Documents and Settings\gebruiker\Bureaublad\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\WinDV.exe
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\rstrui.exe


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\rstrui.exe
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\tftp.exe
    D:\Autorun.inf
    D:\DOCUME~1\GEBRUI~1\BUREAU~1\internet.lnk


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    ——-\LEGACY_WINDOWS_DRIVERS_VERSION
    ——-\Windows Drivers Version


    ((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


    2007-08-29 22:01 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-08-28 20:50 <DIR> d——– C:\Program Files\Trend Micro
    2007-08-28 20:01 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\Lavasoft
    2007-08-28 19:49 <DIR> d——– C:\Program Files\Enigma Software Group
    2007-08-26 20:52 95,608 –a—— C:\WINDOWS\system32\AvastSS.scr
    2007-08-26 20:52 94,416 –a—— C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-08-26 20:52 92,848 –a—— C:\WINDOWS\system32\drivers\aswmon.sys
    2007-08-26 20:52 783,224 –a—— C:\WINDOWS\system32\aswBoot.exe
    2007-08-26 20:52 42,912 –a—— C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-08-26 20:52 26,624 –a—— C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-08-26 20:52 23,152 –a—— C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-08-26 20:52 <DIR> d——– C:\Program Files\Alwil Software
    2007-08-26 18:08 <DIR> d——– C:\WINDOWS\pss
    2007-08-25 12:33 <DIR> d——– D:\DOCUME~1\Gast\APPLIC~1\Google
    2007-08-25 12:32 <DIR> dr-h—– D:\DOCUME~1\Gast\Onlangs geopend
    2007-08-25 12:32 <DIR> dr——- D:\DOCUME~1\Gast\Mijn documenten
    2007-08-25 12:32 <DIR> dr——- D:\DOCUME~1\Gast\Menu Start
    2007-08-25 12:32 <DIR> dr——- D:\DOCUME~1\Gast\Favorieten
    2007-08-25 12:32 <DIR> d–h—– D:\DOCUME~1\Gast\Sjablonen
    2007-08-25 12:32 <DIR> d–h—– D:\DOCUME~1\Gast\Netwerkprinteromgeving
    2007-08-25 12:32 <DIR> d——– D:\DOCUME~1\Gast\Bureaublad
    2007-08-25 12:32 <DIR> d——– D:\DOCUME~1\Gast\APPLIC~1\SPAMfighter
    2007-08-24 21:33 <DIR> d——– D:\DOCUME~1\Steffi\APPLIC~1\SPAMfighter
    2007-08-24 15:59 <DIR> d——– C:\Program Files\MSN Messenger
    2007-07-26 17:49 18,704 -ra—— C:\WINDOWS\system32\drivers\se2Bnd5.sys
    2007-07-23 13:19 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\Leadertech
    2007-07-23 13:12 90,800 -ra—— C:\WINDOWS\system32\drivers\se2Bunic.sys
    2007-07-23 13:12 4,128 -ra—— C:\WINDOWS\system32\drivers\se2Bcr.sys
    2007-07-23 13:07 88,688 -ra—— C:\WINDOWS\system32\drivers\SE2Bmgmt.sys
    2007-07-04 19:42 86,560 -ra—— C:\WINDOWS\system32\drivers\SE2Bobex.sys
    2007-07-04 19:41 97,184 -ra—— C:\WINDOWS\system32\drivers\SE2Bmdm.sys
    2007-07-04 19:41 9,360 -ra—— C:\WINDOWS\system32\drivers\SE2Bmdfl.sys
    2007-07-04 19:41 61,600 -ra—— C:\WINDOWS\system32\drivers\SE2Bbus.sys
    2007-07-04 19:41 6,240 -ra—— C:\WINDOWS\system32\drivers\SE2Bcmnt.sys
    2007-07-04 19:41 6,240 -ra—— C:\WINDOWS\system32\drivers\SE2Bcm.sys
    2007-07-04 19:41 5,872 -ra—— C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
    2007-07-04 19:41 5,872 -ra—— C:\WINDOWS\system32\drivers\se2Bwh.sys
    2007-07-04 18:58 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\AdobeAUM
    2007-07-02 14:18 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\TransRender
    2007-07-02 14:18 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\Temporary


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-25 15:12 ——— d——– C:\Program Files\Common Files\LightScribe
    2007-08-24 22:27 ——— d——– C:\Program Files\Microsoft Picture It! 9
    2007-08-24 18:24 ——— d——– C:\Program Files\LimeWire
    2007-08-24 14:53 ——— d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\OpenOffice.org2
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
    2007-07-23 13:16 ——— d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\AdobeUM
    2007-06-30 15:58 ——— d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\ConvertTemp
    2007-06-30 15:41 ——— d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\Samsung
    2007-06-30 15:36 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-06-30 15:36 ——— d——– C:\Program Files\Samsung
    2007-06-29 09:22 ——— d——– C:\Program Files\SPAMfighter
    2007-06-29 09:22 ——— d——– C:\Program Files\Common Files\Application
    2007-06-29 09:22 ——— d——– C:\Program Files\Common Files\Ankiro
    2007-06-26 08:10 1104896 –a—— C:\WINDOWS\system32\msxml3.dll
    2007-06-19 15:33 282112 –a—— C:\WINDOWS\system32\gdi32.dll
    2007-06-13 15:24 1036800 –a—— C:\WINDOWS\explorer.exe
    2007-06-05 10:34 1184664 –a—— C:\WINDOWS\system32\FreeImage.dll
    2002-12-09 17:48:22 53,248 -csha-r C:\WINDOWS\system32\Vncpwd.dll
    2003-02-19 09:10:46 479,232 -csha-r C:\WINDOWS\system32\vncpwd.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 18:35]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
    "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-23 04:12]
    "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 02:11]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 14:27]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
    S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys
    S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
    S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
    S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys
    S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys
    S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys
    S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys
    S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
    S3 wlags51b;Agere Wireless USB Driver;C:\WINDOWS\system32\DRIVERS\wlags51b.sys


    Contents of the 'Scheduled Tasks' folder
    2006-12-08 07:37:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-30 22:05:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-30 22:06:18 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-30 22:06

    --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:09:29, on 30-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Wireless\Client Manager\CMags.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Wireless Client Manager.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


    End of file - 7384 bytes
  • That looks good again!

    How are your problems? 8)
  • Yes, this is about my colleague's PC. He has been using it at home again as normal since Thursday, and everything seems to be fixed. Only the PC's date had been set one day ahead. Can he simply set it back to the correct date/time?

    Other than that everything is fine, thanks for that :)
  • Turn off System Restore. Restart the computer. Turn System Restore back on.
    See here how to turn off System Restore.
    This removes any remnants of the infections from System Restore.

    You can set your date and time correctly again, manually.

    Pim 8)
  • Everything works fine again, except for one thing.

    He wanted to put photos on his PC from one of those USB sticks, but his autorun no longer works. Not sure whether the same goes for DVDs and the like. I will ask about this tomorrow.
    Normally it then automatically displays the photos and lets you copy them to the hard drive, but that no longer works..

    Perhaps something was removed this week that could have something to do with this?

    He would like to see it working again..
    If I need to post a log, I'll hear about it. I'll just ask to borrow the PC for another evening ;)

    Thanks in advance!

This is an archived page. Replying is no longer possible.