Questions & Answers

Security & privacy

PC messed up...

18 replies
  • Removed Delsimdialer, but it doesn't seem to be completely gone.. There may be some extra junk on the PC that I don't know the details of. I'd appreciate help with this HijackThis log...
    Logfile of HijackThis v1.97.7
    Scan saved at 20:05:55, on 28-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\WinDV.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\CDSpeed.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless\Client Manager\CMags.EXE
    C:\WINDOWS\system32\wuauclt.exe
    D:\Documents and Settings\gebruiker\Bureaublad\HijackThis.exe
    C:\WINDOWS\system32\notepad.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F0 - system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
    O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Wireless Client Manager.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
  • You have a very old version of HijackThis. Download HijackThis-setup (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop. Open HJTInstall and choose the location where you want to install HijackThis. Then press Install; after a few seconds HijackThis will open automatically. Now choose 'Do a system scan and save a logfile'. A Notepad file containing a logfile will open. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post. Good luck! 8) Pim
  • Thanks in advance for the reply, here is the new log..
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:51:25, on 28-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\WinDV.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\CDSpeed.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless\Client Manager\CMags.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
    O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Wireless Client Manager.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe
    -- End of file - 8640 bytes
  • I see several active virus scanners in your logfile. Multiple virus scanners will fight with each other and can lead to problems. I therefore advise you to uninstall either Avast or Norman via Start --> Control Panel --> Add or Remove Programs. Also remove the program seekmo there. If that has not been done yet, restart your PC.
    Start HijackThis, choose 'Do a system scan only' and tick the lines below, if still present:
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
    Now close all open windows except HijackThis and click Fix Checked.
    Delete the following file: C:\Windows\WinDV.exe
    And the following folder: C:\Program Files\Seekmo
    Download Deckard's System Scanner (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop.
    - Close all applications and windows.
    - Double-click dss.exe to run it, and follow the prompts.
    - When the scan is complete, a text file - main.txt - will open.
    - Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.
    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet - make sure sigcheck.exe is allowed to do so! It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it. Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)
    Good luck! Pim
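The reply above picks out four kinds of HijackThis entries: a Winlogon shell that starts a second program, a hosts redirect, a BHO with no file behind it, and Run keys for a named unwanted program. As an added example (not part of the thread and not part of HijackThis), the Python sketch below applies those checks to log lines copied from this thread and also reports other entries that point at the same shell payload; the function names and the `watchlist` parameter are assumptions made for the illustration.

```python
import ipaddress
import ntpath
import re

# Sample input: entries copied from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Yield (code, body) for every line that looks like a HijackThis entry."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def shell_extras(body):
    """Return what the Shell= value starts besides Explorer.exe.

    Splits on whitespace, so a payload path containing spaces would come
    back as several tokens; good enough to flag the entry for review.
    """
    _, found, value = body.partition("Shell=")
    if not found:
        return []
    return [tok for tok in value.split()
            if ntpath.basename(tok).lower() != "explorer.exe"]


def hosts_redirect(body):
    """Return (ip, names) if a hosts entry maps names to a non-local address."""
    if not body.startswith("Hosts: "):
        return None  # e.g. the "Hosts file is located at:" line
    fields = body[len("Hosts: "):].split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    try:
        address = ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    if address.is_loopback or address.is_unspecified:
        return None  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
    return str(address), fields[1:]


def triage(log_text, watchlist=("seekmo",)):
    """Return [(code, reason, body)] for entries worth a closer look.

    watchlist holds lowercase substrings of programs the analyst already
    considers unwanted (assumption: supplied by the person reading the log).
    """
    entries = list(parse_entries(log_text))
    findings = []
    payloads = set()  # file names started through the shell value
    for code, body in entries:
        if code in ("F0", "F1", "F2", "F3"):
            extras = shell_extras(body)
            if extras:
                payloads.update(ntpath.basename(e).lower() for e in extras)
                findings.append((code, "shell starts extra program", body))
        elif code == "O1" and hosts_redirect(body):
            findings.append((code, "hosts entry redirects to remote address", body))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered without a file", body))
        elif code == "O4" and any(name in body.lower() for name in watchlist):
            findings.append((code, "autostart of watchlisted program", body))
    # Second pass: the same payload registered elsewhere (here as a service)
    # means fixing the shell value alone leaves a way for it to start again.
    for code, body in entries:
        if not code.startswith("F") and any(p in body.lower() for p in payloads):
            findings.append((code, "references shell payload", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}: {body}")
```
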
  • I couldn't find Windv.exe. I had the PC searched, but it only found a windv.exe.pf in windows/prefetch or something. Should I delete that?? The rest all went smoothly. I ran the dss scan, but that PC is not connected to the internet for the evening, so dss couldn't get online. Is that necessary? I could arrange internet for that PC if needed, but I don't want to risk the whole network soon being full of my colleague's junk :) Anyway, here is the dss log:
    Deckard's System Scanner v20070826.66
    Run by gebruiker on 2007-08-28 21:34:36
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------
    -- System Restore --------------------------------------------------------------
    Successfully created a Deckard's System Scanner Restore Point.
    -- Last 2 Restore Point(s) --
    2: 2007-08-28 19:34:42 UTC - RP2 - Deckard's System Scanner Restore Point
    1: 2007-08-27 18:20:41 UTC - RP1 - Controlepunt van systeem
    Backed up registry hives.
    Performed disk cleanup.
    Total Physical Memory: 511 MiB (512 MiB recommended).
    -- HijackThis (run as gebruiker.exe) -------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:35:59, on 28-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\WinDV.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\CDSpeed.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Wireless\Client Manager\CMags.EXE
    C:\WINDOWS\system32\msiexec.exe
    D:\Documents and Settings\gebruiker\Bureaublad\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\gebruiker.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Wireless Client Manager.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe
    -- End of file - 7580 bytes
    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
    backup-20070828-212818-194 O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
    backup-20070828-212818-724 O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
    backup-20070828-212818-808 F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    backup-20070828-212818-901 O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
    backup-20070828-212818-973 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    -- File Associations -----------------------------------------------------------
    All associations okay.
    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
    R1 StarOpen - c:\windows\system32\drivers\staropen.sys
    S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
    S3 MSICPL - e:\install4\msicpl.sys (file missing)
    S3 NTACCESS - e:\ntaccess.sys (file missing)
    S3 SetupNTGLM7X - e:\ntglm7x.sys (file missing)
    S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
    R2 Windows Drivers Version - "c:\windows\windv.exe"
    -- Device Manager: Disabled ----------------------------------------------------
    No disabled devices found.
    -- Scheduled Tasks -------------------------------------------------------------
    2006-12-08 09:37:51 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    -- Files created between 2007-07-28 and 2007-08-28 -----------------------------
    2007-08-28 21:34:22 0 d-------- D:\Deckard
    2007-08-28 20:50:54 0 d-------- C:\Program Files\Trend Micro
    2007-08-28 20:01:09 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Lavasoft
    2007-08-28 19:49:48 0 d-------- C:\Program Files\Enigma Software Group
    2007-08-26 20:52:44 0 d-------- C:\Program Files\Alwil Software
    2007-08-26 18:08:55 0 d-------- C:\WINDOWS\pss
    2007-08-25 17:44:23 435200 -r-hs---- C:\WINDOWS\CDSpeed.exe
    2007-08-25 15:03:51 657408 -r-hs---- C:\WINDOWS\WinDV.exe
    2007-08-25 12:33:02 0 d-------- D:\Documents and Settings\Gast\Application Data\Google
    2007-08-25 12:32:23 0 d-------- D:\Documents and Settings\Gast\Application Data\SPAMfighter
    2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\Sjablonen
    2007-08-25 12:32:02 0 dr-h----- D:\Documents and Settings\Gast\SendTo
    2007-08-25 12:32:02 0 dr-h----- D:\Documents and Settings\Gast\Onlangs geopend
    2007-08-25 12:32:02 1048576 --ah----- D:\Documents and Settings\Gast\NTUSER.DAT
    2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\Netwerkprinteromgeving
    2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\NetHood
    2007-08-25 12:32:02 0 dr------- D:\Documents and Settings\Gast\Mijn documenten
    2007-08-25 12:32:02 0 dr------- D:\Documents and Settings\Gast\Menu Start
    2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\Local Settings
    2007-08-25 12:32:02 0 dr------- D:\Documents and Settings\Gast\Favorieten
    2007-08-25 12:32:02 0 d--hs---- D:\Documents and Settings\Gast\Cookies
    2007-08-25 12:32:02 0 d-------- D:\Documents and Settings\Gast\Bureaublad
    2007-08-25 12:32:02 0 dr-h----- D:\Documents and Settings\Gast\Application Data
    2007-08-25 12:32:02 0 d---s---- D:\Documents and Settings\Gast\Application Data\Microsoft
    2007-08-25 12:32:02 0 d-------- D:\Documents and Settings\Gast\Application Data\Identities
    2007-08-24 21:33:36 0 d-------- D:\Documents and Settings\Steffi\Application Data\SPAMfighter
    2007-08-24 17:52:42 638976 -r-hs---- C:\WINDOWS\rstrui.exe
    2007-08-24 15:59:58 0 d-------- C:\Program Files\MSN Messenger
    2007-08-24 08:21:52 434176 -r-hs---- C:\WINDOWS\chcp.exe
    2007-08-22 18:09:40 0 d--h----- C:\Program Files\Common Files\delsim
    2007-08-22 18:09:26 385536 -r-hs---- C:\WINDOWS\sndrec32.exe
    2007-08-13 08:15:08 0 d-------- D:\Documents and Settings\All Users\Application Data\SeekmoSA
    2007-08-13 08:15:08 0 d-------- D:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    2007-08-13 08:15:05 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Seekmo
    -- Find3M Report ---------------------------------------------------------------
    2007-08-28 21:26:54 17408 --a----c- C:\WINDOWS\system32\tftp.exe
    2007-08-28 21:26:54 45056 --a----c- C:\WINDOWS\system32\ftp.exe
    2007-08-28 18:09:25 52054 --a------ D:\Documents and Settings\gebruiker\Application Data\wklnhst.dat
    2007-08-27 19:54:03 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-08-25 15:12:03 0 d-------- C:\Program Files\Common Files\LightScribe
    2007-08-24 22:27:04 0 d-------- C:\Program Files\Microsoft Picture It! 9
    2007-08-24 18:24:43 0 d-------- C:\Program Files\LimeWire
    2007-08-24 14:53:40 0 d-------- D:\Documents and Settings\gebruiker\Application Data\OpenOffice.org2
    2007-08-22 18:09:40 0 d-------- C:\Program Files\Common Files
    2007-07-26 17:08:03 60712 --a------ D:\Documents and Settings\gebruiker\Application Data\GDIPFONTCACHEV1.DAT
    2007-07-23 13:19:11 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Leadertech
    2007-07-23 13:16:08 0 d-------- D:\Documents and Settings\gebruiker\Application Data\AdobeUM
    2007-07-04 18:58:07 0 d-------- D:\Documents and Settings\gebruiker\Application Data\AdobeAUM
    2007-07-04 18:58:07 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Adobe
    2007-07-04 18:57:12 0 d-------- C:\Program Files\Common Files\Adobe
    2007-07-02 14:18:09 0 d-------- D:\Documents and Settings\gebruiker\Application Data\TransRender
    2007-07-02 14:18:09 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Temporary
    2007-06-30 15:58:41 0 d-------- D:\Documents and Settings\gebruiker\Application Data\ConvertTemp
    2007-06-30 15:41:48 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Samsung
    2007-06-30 15:36:24 0 d-------- C:\Program Files\Samsung
    2007-06-30 15:36:24 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-29 09:22:57 0 d-------- C:\Program Files\Common Files\Ankiro
    2007-06-29 09:22:56 0 d-------- C:\Program Files\SPAMfighter
    2007-06-29 09:22:41 0 d-------- C:\Program Files\Common Files\Application
    -- Registry Dump ---------------------------------------------------------------
    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14-03-2007 03:43]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [08-12-2003 18:35]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [12-01-2006 17:40]
    "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [23-11-2005 04:12]
    "SoundMan"="SOUNDMAN.EXE" [01-03-2006 10:22 C:\WINDOWS\soundman.exe]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14-01-2004 03:10]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [10-06-2003 02:11]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [25-06-2007 15:03]
    "CDSpeed.exe"="C:\WINDOWS\CDSpeed.exe" [25-08-2007 17:44]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28-07-2007 00:03]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [31-07-2007 14:27]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19-01-2007 12:54]
    D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 23:05:26]
    Wireless Client Manager.lnk - C:\Program Files\Wireless\Client Manager\CMags.EXE [6-12-2006 20:34:47]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=1 (0x1)
    "DisableRegistryTools"=1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="Explorer.exe %WINDIR%\WinDV.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime
    -- End of Deckard's System Scanner: finished at 2007-08-28 21:37:26
------------
  • Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and save it to your desktop.
    * Double-click OTMoveIt.exe to start the tool.
    * Copy (select and press Ctrl-C) all of the bold, blue text below:
      C:\WINDOWS\WinDV.exe
      C:\WINDOWS\chcp.exe
      C:\Program Files\Common Files\delsim
      D:\Documents and Settings\All Users\Application Data\SeekmoSA
      D:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
      D:\Documents and Settings\gebruiker\Application Data\Seekmo
    * Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
    * Click the red MoveIt! button.
    * Copy and paste the contents of the right-hand results window into your next reply.
    * Close OTMoveIt.
    If a file or folder cannot be moved immediately, you may be asked to restart the PC to complete the move. In that case click Ja/Yes.
    Post the OTMoveIt result in your next reply together with a new Deckard's System Scanner log. Good luck. Pim
  • C:\WINDOWS\WinDV.exe moved successfully.
    C:\WINDOWS\chcp.exe moved successfully.
    C:\Program Files\Common Files\delsim moved successfully.
    D:\Documents and Settings\All Users\Application Data\SeekmoSA moved successfully.
    D:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 moved successfully.
    D:\Documents and Settings\gebruiker\Application Data\Seekmo moved successfully.
    Created on 08-28-2007 22:09:23
    So I didn't have to reboot the PC; I ran DSS straight afterwards, here is the result:
    Deckard's System Scanner v20070826.66 Run by gebruiker on 2007-08-28 22:10:44 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 511 MiB (512 MiB recommended). -- HijackThis (run as gebruiker.exe) ------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:10:47, on 28-8-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\WinDV.exe C:\WINDOWS\Explorer.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\CDSpeed.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Wireless\Client Manager\CMags.EXE D:\Documents and Settings\gebruiker\Bureaublad\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\GEBRUI~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - 
HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Wireless Client Manager.lnk = ? 
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe -- End of file - 7546 bytes -- Files created between 2007-07-28 and 2007-08-28 ----------------------------- 2007-08-28 22:09:23 0 d-------- D:\_OTMoveIt 2007-08-28 21:34:22 0 d-------- D:\Deckard 2007-08-28 20:50:54 0 d-------- C:\Program Files\Trend Micro 2007-08-28 20:01:09 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Lavasoft 2007-08-28 19:49:48 0 d-------- C:\Program Files\Enigma Software Group 2007-08-26 20:52:44 0 d-------- C:\Program Files\Alwil Software 2007-08-26 18:08:55 0 d-------- C:\WINDOWS\pss 2007-08-25 17:44:23 435200 -r-hs---- C:\WINDOWS\CDSpeed.exe 2007-08-25 15:03:51 657408 -----n--- C:\WINDOWS\WinDV.exe 2007-08-25 12:33:02 0 d-------- D:\Documents and Settings\Gast\Application Data\Google 2007-08-25 12:32:23 0 d-------- D:\Documents and Settings\Gast\Application Data\SPAMfighter 2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\Sjablonen 2007-08-25 12:32:02 0 dr-h----- D:\Documents and Settings\Gast\SendTo 2007-08-25 12:32:02 0 dr-h----- D:\Documents and Settings\Gast\Onlangs geopend 2007-08-25 12:32:02 1048576 --ah----- D:\Documents and 
Settings\Gast\NTUSER.DAT 2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\Netwerkprinteromgeving 2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\NetHood 2007-08-25 12:32:02 0 dr------- D:\Documents and Settings\Gast\Mijn documenten 2007-08-25 12:32:02 0 dr------- D:\Documents and Settings\Gast\Menu Start 2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\Local Settings 2007-08-25 12:32:02 0 dr------- D:\Documents and Settings\Gast\Favorieten 2007-08-25 12:32:02 0 d--hs---- D:\Documents and Settings\Gast\Cookies 2007-08-25 12:32:02 0 d-------- D:\Documents and Settings\Gast\Bureaublad 2007-08-25 12:32:02 0 dr-h----- D:\Documents and Settings\Gast\Application Data 2007-08-25 12:32:02 0 d---s---- D:\Documents and Settings\Gast\Application Data\Microsoft 2007-08-25 12:32:02 0 d-------- D:\Documents and Settings\Gast\Application Data\Identities 2007-08-24 21:33:36 0 d-------- D:\Documents and Settings\Steffi\Application Data\SPAMfighter 2007-08-24 17:52:42 638976 -r-hs---- C:\WINDOWS\rstrui.exe 2007-08-24 15:59:58 0 d-------- C:\Program Files\MSN Messenger 2007-08-22 18:09:26 385536 -r-hs---- C:\WINDOWS\sndrec32.exe -- Find3M Report --------------------------------------------------------------- 2007-08-28 22:09:23 0 d-------- C:\Program Files\Common Files 2007-08-28 21:26:54 17408 --a----c- C:\WINDOWS\system32\tftp.exe 2007-08-28 21:26:54 45056 --a----c- C:\WINDOWS\system32\ftp.exe 2007-08-28 18:09:25 52054 --a------ D:\Documents and Settings\gebruiker\Application Data\wklnhst.dat 2007-08-27 19:54:03 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-08-25 15:12:03 0 d-------- C:\Program Files\Common Files\LightScribe 2007-08-24 22:27:04 0 d-------- C:\Program Files\Microsoft Picture It! 
9 2007-08-24 18:24:43 0 d-------- C:\Program Files\LimeWire 2007-08-24 14:53:40 0 d-------- D:\Documents and Settings\gebruiker\Application Data\OpenOffice.org2 2007-07-26 17:08:03 60712 --a------ D:\Documents and Settings\gebruiker\Application Data\GDIPFONTCACHEV1.DAT 2007-07-23 13:19:11 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Leadertech 2007-07-23 13:16:08 0 d-------- D:\Documents and Settings\gebruiker\Application Data\AdobeUM 2007-07-04 18:58:07 0 d-------- D:\Documents and Settings\gebruiker\Application Data\AdobeAUM 2007-07-04 18:58:07 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Adobe 2007-07-04 18:57:12 0 d-------- C:\Program Files\Common Files\Adobe 2007-07-02 14:18:09 0 d-------- D:\Documents and Settings\gebruiker\Application Data\TransRender 2007-07-02 14:18:09 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Temporary 2007-06-30 15:58:41 0 d-------- D:\Documents and Settings\gebruiker\Application Data\ConvertTemp 2007-06-30 15:41:48 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Samsung 2007-06-30 15:36:24 0 d-------- C:\Program Files\Samsung 2007-06-30 15:36:24 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-06-29 09:22:57 0 d-------- C:\Program Files\Common Files\Ankiro 2007-06-29 09:22:56 0 d-------- C:\Program Files\SPAMfighter 2007-06-29 09:22:41 0 d-------- C:\Program Files\Common Files\Application -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14-03-2007 03:43] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [08-12-2003 18:35] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [12-01-2006 17:40] "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [23-11-2005 04:12] "SoundMan"="SOUNDMAN.EXE" 
[01-03-2006 10:22 C:\WINDOWS\soundman.exe] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14-01-2004 03:10] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [10-06-2003 02:11] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [25-06-2007 15:03] "CDSpeed.exe"="C:\WINDOWS\CDSpeed.exe" [25-08-2007 17:44] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28-07-2007 00:03] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [31-07-2007 14:27] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19-01-2007 12:54] D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 23:05:26] Wireless Client Manager.lnk - C:\Program Files\Wireless\Client Manager\CMags.EXE [6-12-2006 20:34:47] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) "DisableRegistryTools"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe %WINDIR%\WinDV.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bad3b23-8207-11db-a585-806d6172696f}] AutoRun\command- 
D:\setupSNK.exe -- End of Deckard's System Scanner: finished at 2007-08-28 22:11:08 ------------
    And I saw that windv.exe in the log again. I already sneaked a look in c:\windows and now it is there. I haven't done anything else with it, just had a look, and I'm waiting for further instructions. This is great anyway, it's going really smoothly thanks to your help :)
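One way to triage the kind of log output posted above, added here as an example and not part of the original thread or of HijackThis/DSS: it picks out files that look out of place (hidden+system executables in the file listing, services with an unknown owner) and lists which F2, O4 and O23 autostart lines still load them. The sample lines are assembled from the logs in this thread; the names `parse`, `triage` and `SAMPLE_LOG`, the reading of the attribute column (h = hidden, s = system) and the `%WINDIR%` value are assumptions.

```python
import re

WINDIR = r"c:\windows"  # assumption: value of %WINDIR% on the scanned machine

# Constructed sample: lines assembled from the HijackThis/DSS logs in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe
2007-08-26 18:08:55 0 d-------- C:\WINDOWS\pss
2007-08-25 17:44:23 435200 -r-hs---- C:\WINDOWS\CDSpeed.exe
2007-08-25 15:03:51 657408 -----n--- C:\WINDOWS\WinDV.exe
2007-08-24 17:52:42 638976 -r-hs---- C:\WINDOWS\rstrui.exe
2007-08-22 18:09:26 385536 -r-hs---- C:\WINDOWS\sndrec32.exe
2007-08-28 21:26:54 17408 --a----c- C:\WINDOWS\system32\tftp.exe
"""

# DSS file-listing line: timestamp, size, 9-character attribute column, path.
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ ([-a-z]{9}) (.+)$")
# First executable path in a Run command, with or without surrounding quotes.
EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)


def norm(path):
    """Lower-case a path and expand %WINDIR% so entries can be compared."""
    return path.strip().strip('"').lower().replace("%windir%", WINDIR)


def parse(log_text):
    """Return (autostarts, flagged) extracted from mixed HijackThis/DSS lines."""
    autostarts = []  # (entry kind, normalised target path)
    flagged = {}     # normalised path -> set of reasons it looks out of place
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("F2 - ") and "Shell=" in line:
            # Anything after the first token is started next to the shell at logon.
            parts = line.split("Shell=", 1)[1].split(None, 1)
            if len(parts) == 2:
                autostarts.append(("F2 shell", norm(parts[1])))
        elif line.startswith("O4 - ") and "Run: [" in line and "] " in line:
            match = EXE_RE.match(line.split("] ", 1)[1])
            if match:
                autostarts.append(("O4 run", norm(match.group(1))))
        elif line.startswith("O23 - Service: "):
            fields = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(fields) == 3:
                _name, owner, path = fields
                autostarts.append(("O23 service", norm(path)))
                if owner.lower() == "unknown owner":
                    flagged.setdefault(norm(path), set()).add(
                        "service with unknown owner")
        else:
            match = FILE_RE.match(line)
            if match:
                attrs, path = match.groups()
                is_file = attrs[0] != "d"
                if (is_file and "h" in attrs and "s" in attrs
                        and path.lower().endswith(".exe")):
                    flagged.setdefault(norm(path), set()).add(
                        "hidden+system executable")
    return autostarts, flagged


def triage(log_text):
    """Map each flagged file to its reasons and the autostart entries loading it."""
    autostarts, flagged = parse(log_text)
    report = {}
    for path, reasons in flagged.items():
        refs = sorted({kind for kind, target in autostarts if target == path})
        report[path] = {"reasons": sorted(reasons), "autostarts": refs}
    return report


if __name__ == "__main__":
    for path, info in sorted(triage(SAMPLE_LOG).items()):
        loaders = ", ".join(info["autostarts"]) or "no autostart entry found"
        print(f"{path}: {'; '.join(info['reasons'])} | loaded by: {loaders}")
```

Files reported with an empty autostart list are not loaded through the F2, O4 or O23 entries parsed here, so they need a separate check.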
  • I think I'm really asleep over here, I overlooked something drastic :oops:
    Start HijackThis, choose 'Do a system scan only' and tick the lines below:
      O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
    Now close all open windows except HijackThis and click Fix Checked.
    * Double-click OTMoveIt.exe to start the tool.
    * Copy (select and press Ctrl-C) all of the bold, blue text below:
      C:\WINDOWS\CDSpeed.exe
      C:\WINDOWS\WinDV.exe
      C:\WINDOWS\sndrec32.exe
      C:\WINDOWS\system32\ftp.exe
      C:\WINDOWS\system32\tftp.exe
    * Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
    * Click the red MoveIt! button.
    * Copy and paste the contents of the right-hand results window into your next reply.
    * Close OTMoveIt.
    If a file or folder cannot be moved immediately, you may be asked to restart the PC to complete the move. In that case click Ja/Yes.
    Post the OTMoveIt result in your next reply together with a new main.txt. Pim
  • File/Folder C:\WINDOWS\CDSpeed.exe not found.
    C:\WINDOWS\WinDV.exe moved successfully.
    File/Folder C:\WINDOWS\sndrec32.exe not found.
    File move failed. C:\WINDOWS\system32\ftp.exe scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\tftp.exe scheduled to be moved on reboot.
    Created on 08-28-2007 23:29:32
    This is the OTMoveIt output; this time it did say that I had to reboot. So after the reboot I did the same procedure once more. I wasn't sure whether it was already OK after just the reboot. I don't remember exactly what it reported before the reboot, I think only that it couldn't move tftp.exe and ftp.exe. The rest was successful, but I'm not sure.... Here is the DSS log:
    Deckard's System Scanner v20070826.66 Run by gebruiker on 2007-08-28 23:30:46 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 511 MiB (512 MiB recommended). -- HijackThis (run as gebruiker.exe) ------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:30:51, on 28-8-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\WinDV.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common 
Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Wireless\Client Manager\CMags.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe D:\Documents and Settings\gebruiker\Bureaublad\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\GEBRUI~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program 
Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Wireless Client Manager.lnk = ? 
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe -- End of file - 7589 bytes -- Files created between 2007-07-28 and 2007-08-28 ----------------------------- 2007-08-28 22:09:23 0 d-------- D:\_OTMoveIt 2007-08-28 21:34:22 0 d-------- D:\Deckard 2007-08-28 20:50:54 0 d-------- C:\Program Files\Trend Micro 2007-08-28 20:01:09 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Lavasoft 2007-08-28 19:49:48 0 d-------- C:\Program Files\Enigma Software Group 2007-08-26 20:52:44 0 d-------- C:\Program Files\Alwil Software 2007-08-26 18:08:55 0 d-------- C:\WINDOWS\pss 2007-08-25 15:03:51 657408 -----n--- C:\WINDOWS\WinDV.exe 2007-08-25 12:33:02 0 d-------- D:\Documents and Settings\Gast\Application Data\Google 2007-08-25 12:32:23 0 d-------- D:\Documents and Settings\Gast\Application Data\SPAMfighter 2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\Sjablonen 2007-08-25 12:32:02 0 dr-h----- D:\Documents and Settings\Gast\SendTo 2007-08-25 12:32:02 0 dr-h----- D:\Documents and Settings\Gast\Onlangs geopend 2007-08-25 12:32:02 1048576 --ah----- D:\Documents and Settings\Gast\NTUSER.DAT 2007-08-25 12:32:02 0 d--h----- 
D:\Documents and Settings\Gast\Netwerkprinteromgeving 2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\NetHood 2007-08-25 12:32:02 0 dr------- D:\Documents and Settings\Gast\Mijn documenten 2007-08-25 12:32:02 0 dr------- D:\Documents and Settings\Gast\Menu Start 2007-08-25 12:32:02 0 d--h----- D:\Documents and Settings\Gast\Local Settings 2007-08-25 12:32:02 0 dr------- D:\Documents and Settings\Gast\Favorieten 2007-08-25 12:32:02 0 d--hs---- D:\Documents and Settings\Gast\Cookies 2007-08-25 12:32:02 0 d-------- D:\Documents and Settings\Gast\Bureaublad 2007-08-25 12:32:02 0 dr-h----- D:\Documents and Settings\Gast\Application Data 2007-08-25 12:32:02 0 d---s---- D:\Documents and Settings\Gast\Application Data\Microsoft 2007-08-25 12:32:02 0 d-------- D:\Documents and Settings\Gast\Application Data\Identities 2007-08-24 21:33:36 0 d-------- D:\Documents and Settings\Steffi\Application Data\SPAMfighter 2007-08-24 17:52:42 638976 -r-hs---- C:\WINDOWS\rstrui.exe 2007-08-24 15:59:58 0 d-------- C:\Program Files\MSN Messenger -- Find3M Report --------------------------------------------------------------- 2007-08-28 23:28:20 17408 --a----c- C:\WINDOWS\system32\tftp.exe 2007-08-28 23:28:20 45056 --a----c- C:\WINDOWS\system32\ftp.exe 2007-08-28 22:09:23 0 d-------- C:\Program Files\Common Files 2007-08-28 18:09:25 52054 --a------ D:\Documents and Settings\gebruiker\Application Data\wklnhst.dat 2007-08-27 19:54:03 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-08-25 15:12:03 0 d-------- C:\Program Files\Common Files\LightScribe 2007-08-24 22:27:04 0 d-------- C:\Program Files\Microsoft Picture It! 
9 2007-08-24 18:24:43 0 d-------- C:\Program Files\LimeWire 2007-08-24 14:53:40 0 d-------- D:\Documents and Settings\gebruiker\Application Data\OpenOffice.org2 2007-07-26 17:08:03 60712 --a------ D:\Documents and Settings\gebruiker\Application Data\GDIPFONTCACHEV1.DAT 2007-07-23 13:19:11 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Leadertech 2007-07-23 13:16:08 0 d-------- D:\Documents and Settings\gebruiker\Application Data\AdobeUM 2007-07-04 18:58:07 0 d-------- D:\Documents and Settings\gebruiker\Application Data\AdobeAUM 2007-07-04 18:58:07 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Adobe 2007-07-04 18:57:12 0 d-------- C:\Program Files\Common Files\Adobe 2007-07-02 14:18:09 0 d-------- D:\Documents and Settings\gebruiker\Application Data\TransRender 2007-07-02 14:18:09 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Temporary 2007-06-30 15:58:41 0 d-------- D:\Documents and Settings\gebruiker\Application Data\ConvertTemp 2007-06-30 15:41:48 0 d-------- D:\Documents and Settings\gebruiker\Application Data\Samsung 2007-06-30 15:36:24 0 d-------- C:\Program Files\Samsung 2007-06-30 15:36:24 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-06-29 09:22:57 0 d-------- C:\Program Files\Common Files\Ankiro 2007-06-29 09:22:56 0 d-------- C:\Program Files\SPAMfighter 2007-06-29 09:22:41 0 d-------- C:\Program Files\Common Files\Application -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14-03-2007 03:43] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [08-12-2003 18:35] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [12-01-2006 17:40] "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [23-11-2005 04:12] "SoundMan"="SOUNDMAN.EXE" 
[01-03-2006 10:22 C:\WINDOWS\soundman.exe] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14-01-2004 03:10] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [10-06-2003 02:11] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [25-06-2007 15:03] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28-07-2007 00:03] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [31-07-2007 14:27] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19-01-2007 12:54] D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 23:05:26] Wireless Client Manager.lnk - C:\Program Files\Wireless\Client Manager\CMags.EXE [6-12-2006 20:34:47] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) "DisableRegistryTools"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe %WINDIR%\WinDV.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime -- End of Deckard's System Scanner: finished at 2007-08-28 23:31:12 ------------
  • Is the PC now more or less clean of junk, or do I still need to go through some more steps?? That windv.exe, for example, should I delete it now? Thanks in advance
  • Hi, I'm currently working on a fix, but it takes quite a bit of research. There is definitely still some stuff on there; I'll post my fix tonight. Pim
  • OK, great, thanks for all the effort, much appreciated _o_ I'll wait patiently. Regards.
  • Okay, we're going to take a different approach. Fortunately, the Combofix tool is available again.
    1. Start Hijackthis, choose 'Do a system scan only' and tick the lines below:
       F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
       Now close all open windows except Hijackthis and click Fix Checked.
    2. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
       Open Notepad, then copy and paste the following into an empty window:
       File::
       C:\WINDOWS\WinDV.exe
       C:\WINDOWS\system32\ftp.exe
       C:\WINDOWS\system32\tftp.exe
       C:\WINDOWS\rstrui.exe
       Driver::
       Windows Drivers Version
       Registry::
       [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
       "Shell"=-
       Save this on your desktop as CFScript.txt
       Drag CFScript.txt onto ComboFix.exe as shown in the example below:
       http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
       This will make ComboFix start again. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Good luck! Pim
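Added example, not part of the original post or of any tool named in this thread: a small Python triage script that picks out the entries the fix above targets (the extra program appended to the Winlogon Shell value, the policies that lock Task Manager and the registry editor, and the service with no vendor shown). The sample lines are copied from the logs in this thread and laid out one per line; the function names and rule labels are hypothetical.

```python
import re

# Excerpt of the logs in this thread, one entry per line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe %WINDIR%\WinDV.exe"
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')            # registry key header
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')             # "name"=data line
F2_RE = re.compile(r'^F2 - REG:system\.ini: Shell=(.*)$', re.I)
O23_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+)$')

# Policy values that disable Task Manager and the registry editor when set to 1.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}


def shell_extras(value):
    """Return what a Winlogon Shell value contains besides explorer.exe."""
    value = value.strip().strip('"')
    head, _, rest = value.partition(" ")
    if head.lower() != "explorer.exe":
        return value              # shell replaced outright, report all of it
    return rest.strip()           # empty string when the value is clean


def analyze(log_text):
    """Return ordered, de-duplicated (rule, detail) findings for a log."""
    findings = []

    def report(rule, detail):
        if (rule, detail) not in findings:
            findings.append((rule, detail))

    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, data = m.group(1), m.group(2)
            if key.endswith(r"\windows nt\currentversion\winlogon") \
                    and name.lower() == "shell":
                extra = shell_extras(data)
                if extra:
                    report("winlogon-shell", extra)
            elif key.endswith(r"\policies\system") \
                    and name in LOCKOUT_POLICIES \
                    and data.split()[:1] == ["1"]:
                report("policy-lockout", name)
            continue
        m = F2_RE.match(line)
        if m:
            extra = shell_extras(m.group(1))
            if extra:
                report("winlogon-shell", extra)
            continue
        m = O23_RE.match(line)
        if m and m.group(2).strip().lower() == "unknown owner":
            report("service-unknown-owner", m.group(3).strip())
    return findings


if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```
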
  • ComboFix 07-08-30.1 - "gebruiker" 2007-08-29 22:02:19.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.298 [GMT 2:00] Command switches used :: D:\Documents and Settings\gebruiker\Bureaublad\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\WinDV.exe C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\tftp.exe C:\WINDOWS\rstrui.exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\rstrui.exe C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\tftp.exe D:\Autorun.inf D:\DOCUME~1\GEBRUI~1\BUREAU~1\internet.lnk ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_WINDOWS_DRIVERS_VERSION -------\Windows Drivers Version ((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 ))))))))))))))))))))))))))))))) 2007-08-29 22:01 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-28 20:50 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-28 20:01 <DIR> d-------- D:\DOCUME~1\GEBRUI~1\APPLIC~1\Lavasoft 2007-08-28 19:49 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-08-26 20:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-08-26 20:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-08-26 20:52 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-08-26 20:52 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-08-26 20:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-08-26 20:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-26 20:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-08-26 20:52 <DIR> d-------- C:\Program Files\Alwil Software 2007-08-26 18:08 <DIR> d-------- C:\WINDOWS\pss 2007-08-25 12:33 <DIR> d-------- D:\DOCUME~1\Gast\APPLIC~1\Google 2007-08-25 12:32 <DIR> dr-h----- D:\DOCUME~1\Gast\Onlangs geopend 2007-08-25 12:32 <DIR> dr------- D:\DOCUME~1\Gast\Mijn documenten 2007-08-25 12:32 <DIR> dr------- 
D:\DOCUME~1\Gast\Menu Start 2007-08-25 12:32 <DIR> dr------- D:\DOCUME~1\Gast\Favorieten 2007-08-25 12:32 <DIR> d--h----- D:\DOCUME~1\Gast\Sjablonen 2007-08-25 12:32 <DIR> d--h----- D:\DOCUME~1\Gast\Netwerkprinteromgeving 2007-08-25 12:32 <DIR> d-------- D:\DOCUME~1\Gast\Bureaublad 2007-08-25 12:32 <DIR> d-------- D:\DOCUME~1\Gast\APPLIC~1\SPAMfighter 2007-08-24 21:33 <DIR> d-------- D:\DOCUME~1\Steffi\APPLIC~1\SPAMfighter 2007-08-24 15:59 <DIR> d-------- C:\Program Files\MSN Messenger 2007-07-26 17:49 18,704 -ra------ C:\WINDOWS\system32\drivers\se2Bnd5.sys 2007-07-23 13:19 <DIR> d-------- D:\DOCUME~1\GEBRUI~1\APPLIC~1\Leadertech 2007-07-23 13:12 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Bunic.sys 2007-07-23 13:12 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Bcr.sys 2007-07-23 13:07 88,688 -ra------ C:\WINDOWS\system32\drivers\SE2Bmgmt.sys 2007-07-04 19:42 86,560 -ra------ C:\WINDOWS\system32\drivers\SE2Bobex.sys 2007-07-04 19:41 97,184 -ra------ C:\WINDOWS\system32\drivers\SE2Bmdm.sys 2007-07-04 19:41 9,360 -ra------ C:\WINDOWS\system32\drivers\SE2Bmdfl.sys 2007-07-04 19:41 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Bbus.sys 2007-07-04 19:41 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Bcmnt.sys 2007-07-04 19:41 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Bcm.sys 2007-07-04 19:41 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Bwhnt.sys 2007-07-04 19:41 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Bwh.sys 2007-07-04 18:58 <DIR> d-------- D:\DOCUME~1\GEBRUI~1\APPLIC~1\AdobeAUM 2007-07-02 14:18 <DIR> d-------- D:\DOCUME~1\GEBRUI~1\APPLIC~1\TransRender 2007-07-02 14:18 <DIR> d-------- D:\DOCUME~1\GEBRUI~1\APPLIC~1\Temporary (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-25 15:12 --------- d-------- C:\Program Files\Common Files\LightScribe 2007-08-24 22:27 --------- d-------- C:\Program Files\Microsoft Picture It! 
9 2007-08-24 18:24 --------- d-------- C:\Program Files\LimeWire 2007-08-24 14:53 --------- d-------- D:\DOCUME~1\GEBRUI~1\APPLIC~1\OpenOffice.org2 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-23 13:16 --------- d-------- D:\DOCUME~1\GEBRUI~1\APPLIC~1\AdobeUM 2007-06-30 15:58 --------- d-------- D:\DOCUME~1\GEBRUI~1\APPLIC~1\ConvertTemp 2007-06-30 15:41 --------- d-------- D:\DOCUME~1\GEBRUI~1\APPLIC~1\Samsung 2007-06-30 15:36 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-06-30 15:36 --------- d-------- C:\Program Files\Samsung 2007-06-29 09:22 --------- d-------- C:\Program Files\SPAMfighter 2007-06-29 09:22 --------- d-------- C:\Program Files\Common Files\Application 2007-06-29 09:22 --------- d-------- C:\Program Files\Common Files\Ankiro 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe 2007-06-05 10:34 1184664 --a------ C:\WINDOWS\system32\FreeImage.dll 2002-12-09 17:48:22 53,248 -csha-r C:\WINDOWS\system32\Vncpwd.dll 2003-02-19 09:10:46 479,232 -csha-r C:\WINDOWS\system32\vncpwd.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] 
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 18:35] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40] "RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-23 04:12] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 02:11] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 14:27] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device 
Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys S3 wlags51b;Agere Wireless USB Driver;C:\WINDOWS\system32\DRIVERS\wlags51b.sys Contents of the 'Scheduled Tasks' folder 2006-12-08 07:37:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-30 22:05:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-30 22:06:18 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 
2007-08-30 22:06 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:09:29, on 30-8-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Wireless\Client Manager\CMags.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Wireless Client Manager.lnk = ? O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger 
- {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- End of file - 7384 bytes
  • That looks good again! How are your problems? 8)
  • Yes, it's my colleague's PC. He has had it back in normal use at home since Thursday, and everything seems to be fixed. Only the PC's date had been set one day ahead. He can just set it back to the correct date/time? Otherwise everything is fine, thanks for that :)
  • Turn off System Restore. Restart the computer. Turn System Restore back on. See here how to turn off System Restore: http://users.pandora.be/marcvn/spyware/1852808.htm This removes any remnants of the infections from System Restore. You can set your date and time correctly again, manually. Pim 8)
  • Everything works fine again, except for one thing. He wanted to put photos on his PC from one of those USB sticks, but his autorun no longer works. I'm not sure whether the same goes for DVDs and the like; I'll ask tomorrow. Normally it automatically shows the photos and lets you copy them to the hard drive, but that no longer works. Maybe something was removed this week that has to do with this? He would like to see it working again. If I need to post a log, just let me know; I'll simply ask to take the PC with me for another evening ;) Thanks in advance!

This is an archived page. Replies are no longer possible.