Virus check and advertisement pop-ups.

40 replies
  • Hi everyone, since you helped me so incredibly well last time, I was hoping you could do so again. I recently picked up a virus and now all the icons on my desktop are "selected", so the labels sit in little blue boxes. It also keeps starting LimeWire automatically and I keep getting advertisement pop-ups. I ran a scan with AVG and it did find and delete a few things, but the problem still hasn't gone away. Last time you had me run all kinds of checks with HijackThis, KillBox, etc. So I was hoping you could help me that way again, or with other tools if needed. It also doubles as a kind of system check. Thanks in advance. Kind regards, RocX
  • Let's start with a HijackThis log. If you still have it on your PC, you can use that to make a log; otherwise do the following. Download Hijackthis-setup (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop. Open HJTInstall and choose the location where you want to install HijackThis. Then press Install; after a few seconds HijackThis will open automatically. Now choose 'Do a system scan and save a logfile'. A Notepad file with a logfile will open. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post. Good luck! 8) Pim
  • Okay, here it comes:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:20:59, on 25-9-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, as this will make your PC hang. When the fix has finished and after a restart, the log combofix.txt will open. Save this log. NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore this. In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log. Good luck! Pim
  • I can't even get Combofix installed. I double-click Combofix, which is on my desktop. Then the computer asks whether I want to run the installation, and I press Run. A DOS-style Combofix screen with a blue background pops up. It says: Please wait, Combofix is starting.. and a little later it says it cannot find a file. The file it cannot find is: C:\WINDOWS\regedit.exe Do you have a solution for this?
  • Then we'll do it manually for now; I'll come back to the Combofix problem later. Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O4 - HKLM\..\Run: [{962AD319-0959-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daan\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab

    Now close all open windows except HijackThis and click Fix Checked.

    Download, unzip and use Alcanshorty
    * Download alcanshorty_nl.exe (http://users.telenet.be/Beamerke/tools/alcanshorty_nl.exe)
    * Double-click alcanshorty_nl and install it to your Desktop.
    * Then open the alcanshorty_nl folder and double-click run.bat
    * Read the instructions carefully and press a key to continue. The icons on your Desktop will disappear and then reappear. This is normal.
    * Wait for the "Completed script execution" message and click "OK"
    * Close BFU by clicking "EXIT"
    * A .log file has now been added to the extracted BFU folder; post its contents in your next reply

    Download Look2Me-Destroyer.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
    * Close all open windows.
    * Double-click Look2Me-Destroyer.exe to start it.
    * Put a check mark next to Run this program as a task.
    * You will get a message saying: 'Look2Me-Destroyer will close and re-open in approximately 10 seconds'. Click OK
    * When Look2Me-Remover opens again, click the Scan for L2M button.
    * Your desktop icons and taskbar will disappear; this is normal.
    * Once scanning is done, click the Remove L2M button.
    * You will get the message Done Scanning; click OK.
    * After that you will get the following message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
    * Your computer will then shut down.
    * Restart your computer.
    * Post the contents of C:\Look2Me-Destroyer.txt together with a new HijackThis log.

    If you get an alert from your firewall that this program is trying to access the internet, allow it and do not block it! If you get a runtime error '339', download MSWINSCK.OCX via the link below and place it in your C:\Windows\System32 folder. http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

    Now post the logs from Alcanshorty and Look2me-Destroyer and a fresh HijackThis log in your next post. Good luck! Pim
  • Okay, I couldn't find the BFU log, even though it did check everything. The L2M log:

    Look2Me-Destroyer V1.0.12
    Scanning for infected files.....
    Scan started at 27-9-2007 18:30:03
    Attempting to delete infected files...
    Making registry repairs.
    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1CDB2949-8F65-4355-8456-263E7C208A5D}"
    HKCR\Clsid\{1CDB2949-8F65-4355-8456-263E7C208A5D}
    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{82A4E758-BE58-4BEF-9188-1DBB10D7C1DE}"
    HKCR\Clsid\{82A4E758-BE58-4BEF-9188-1DBB10D7C1DE}
    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8434C518-A078-4582-B401-2A6D0D24F9CA}"
    HKCR\Clsid\{8434C518-A078-4582-B401-2A6D0D24F9CA}
    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E3E7D1BF-4842-431B-A498-0E3077B7DBD5}"
    HKCR\Clsid\{E3E7D1BF-4842-431B-A498-0E3077B7DBD5}
    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{98E6191A-D353-4470-B154-50A9D18E642C}"
    HKCR\Clsid\{98E6191A-D353-4470-B154-50A9D18E642C}
    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{27E60F66-AA43-4E0A-9D4B-F5094B16B993}"
    HKCR\Clsid\{27E60F66-AA43-4E0A-9D4B-F5094B16B993}
    Restoring Windows certificates.
    Replaced hosts file with default windows hosts file
    Restoring SeDebugPrivilege for Administrators - Succeeded

    And a fresh HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53:05, on 27-9-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
  • Hmm, that didn't go quite as expected; I'll come back with a new fix as soon as possible!
  • 1. Click Start --> Run, type CMD and click 'OK'. Copy the following 2 lines and paste them into the DOS window (right mouse button/paste), then press Enter:

    SC STOP cmdService
    SC DELETE cmdService

    Type EXIT to close the DOS window.

    2. Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O4 - HKCU\..\Run: [Enwddr] "C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe"
    O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
    O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

    Click 'Fix checked' to remove the items.

    3. Download Deckard's System Scanner (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop.
    * Close all applications and windows.
    * Double-click dss.exe to run it, and follow the prompts.
    * When the scan is complete, a text file - main.txt - will open.
    * Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet - make sure sigcheck.exe is given permission to do so! Your antivirus may also flag DSS as suspicious, or even try to remove it. Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.) Good luck! Pim.
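An added example, not part of the thread and not how the helper chose the entries: a first-pass triage of the O4 (autorun) and O23 (service) lines of a HijackThis log that marks entries worth a closer look. The rules and flag names are illustrative assumptions; the sample lines are the entries quoted in the replies above plus three other entries for contrast.

```python
import re

# Entries quoted in the replies above, plus three other entries for contrast.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [{962AD319-0959-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKCU\..\Run: [Enwddr] "C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe"
O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
"""

# O4 - <registry key>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# O23 - Service: <display name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<owner>.*?) - '
                    r'(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$')
# Quoted path, or an unquoted path that may contain spaces, then arguments.
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"'
                    r'|(?P<u>.+?\.(?:exe|dll|com|scr|bat))(?=\s|,|$))'
                    r'\s*(?P<args>.*)$', re.I)
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
HEX_BLOB_RE = re.compile(r'\b[0-9A-Fa-f]{32,}\b')
SHORT_NAME_RE = re.compile(r'~\d+\\')   # 8.3 alias used for a directory


def split_command(cmd):
    """Return (executable_path, arguments) from an O4 command string."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd, ""
    return (m.group("q") or m.group("u")), m.group("args")


def triage_entry(line):
    """Return (entry_name, [flags]) for an O4/O23 line, or None if not parsed."""
    line = line.strip()
    flags = []
    m = O4_RE.match(line)
    if m:
        name = m.group("name")
        path, args = split_command(m.group("cmd"))
        if "policies\\explorer\\run" in m.group("key").lower():
            flags.append("policy-run-key")        # autorun set via the policy key
        if GUID_RE.match(name):
            flags.append("guid-value-name")       # value name is a bare GUID
        if HEX_BLOB_RE.search(args):
            flags.append("hex-blob-argument")     # long opaque hex argument
    else:
        m = O23_RE.match(line)
        if not m:
            return None
        name, path = m.group("display"), m.group("path")
        # No owner reported for a service binary that exists on disk.
        if m.group("owner") == "Unknown owner" and not m.group("missing"):
            flags.append("service-unknown-owner")
    lowered = path.lower()
    if "?" in path:
        # '?' is not valid in a Windows file name, so the log is not
        # showing the real characters of this path.
        flags.append("unrenderable-path")
    if "\\application data\\" in lowered or "\\temp\\" in lowered:
        flags.append("user-writable-dir")
    if SHORT_NAME_RE.search(path):
        flags.append("short-name-path")           # long folder name is hidden
    return name, flags


def triage(log_text):
    """Return {entry name: flags} for every entry that raised a flag."""
    flagged = {}
    for line in log_text.splitlines():
        result = triage_entry(line)
        if result and result[1]:
            flagged[result[0]] = result[1]
    return flagged


if __name__ == "__main__":
    for entry, entry_flags in triage(SAMPLE_LOG).items():
        print(f"{entry}: {', '.join(entry_flags)}")
```

The [WinAble] entry from the list above raises none of these flags, so output like this narrows a review of the log rather than replacing it.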
  • I tried to run your commands in the CMD window, but it reported that the service was not installed. In HijackThis I could not tick the last 2 lines, because they were not in the list. What did work was DSS; here is the log:

Deckard's System Scanner v20070905.67 Run by Daan on 2007-09-28 15:47:04 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2007-09-28 13:47:08 UTC - RP1 - Controlepunt van systeem Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Daan.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:49:04, on 28-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\fxrsalun.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Logitech\Video\LogiTray.exe
D:\Britta\Itunes\iTunesHelper.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe D:\Britta\Ipod\bin\iPodService.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe C:\DOCUME~1\Daan\LOCALS~1\Temp\!update.exe C:\PROGRA~1\YSTEM~1\javaw.exe C:\Documents and Settings\Daan\Bureaublad\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Daan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {096C8BA4-1664-4AE6-6D2D-4D71C278C5C1} - C:\WINDOWS\system32\bneogv.dll O2 - BHO: 0 - {2E9F2046-87A1-47E7-999C-661EE0016664} - C:\Program Files\MSN Gaming Zone\lavunagiv401.dll O2 - BHO: (no name) - {554534D4-2C73-4A6E-8EC8-D4A37C30CEF4} - C:\Program Files\Internet Explorer\hoketof83122.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9395AB2A-65EB-3A3D-BF55-3A766D340497} - C:\WINDOWS\system32\jzflaygg.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: (no name) - {B403F9DE-5C4E-4149-808B-25855C446A89} - C:\Program Files\Internet Explorer\hoketof4444.dll O2 - BHO: (no name) - {CE6A3B7C-D765-454A-9E47-0DBA7B8E20DB} - C:\WINDOWS\system32\jkhhh.dll O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\wcvdjkju.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program 
Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dknoqnip.dll",sitypnow O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: 
[CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O4 - Startup: Planet Internet ADSL.lnk = ? O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O20 - Winlogon Notify: jkkklkk - C:\WINDOWS\SYSTEM32\jkkklkk.dll O20 - Winlogon Notify: qomnlmm - C:\WINDOWS\SYSTEM32\qomnlmm.dll O23 - Service: DomainService - - C:\WINDOWS\system32\fxrsalun.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Unknown 
owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing) O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html -- End of file - 13065 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20070927-180819-333 O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe backup-20070927-180819-480 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daan\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing) backup-20070927-180819-492 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab backup-20070927-180819-553 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 backup-20070927-180819-636 O4 - HKLM\..\Run: [{962AD319-0959-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137 backup-20070927-180819-728 O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe backup-20070928-154406-736 O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv backup-20070928-154406-882 O4 - HKCU\..\Run: [Enwddr] "C:\Documents and Settings\Daan\Application Data\??curity\??plorer.exe" -- File Associations ----------------------------------------------------------- [color=red:a90f37f568].reg - regfile - shell\open\command - "regedit.exe" "%1"[/color:a90f37f568] -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfhlp02 
(StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System> R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS> R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver> R2 Devx - c:\windows\system32\drivers\devx.sys R2 VtPr - c:\windows\system32\drivers\vtpr.sys S1 SAVRTPEL - c:\program files\norton antivirus\savrtpel.sys (file missing) S1 SPBBCDrv - c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys (file missing) S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver> S3 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System> S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. 
(PCAUSA); PCAUSA Rawether for Windows> S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing) S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver> S3 Lvckap (Logitech Kernel Audio Processing Filter Driver) - c:\windows\system32\drivers\lvckap.sys (file missing) S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20061206.016\naveng.sys (file missing) S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20061206.016\navex15.sys (file missing) S3 pepifilter (Volume Adapter) - c:\windows\system32\drivers\lv302af.sys (file missing) S3 PID_08A0 (QuickCam IM(PID_08A0)) - c:\windows\system32\drivers\lv302av.sys (file missing) S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing) S3 psquery - c:\program files\psquery\psquery.sys (file missing) S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters> S3 SAVRT - c:\program files\norton antivirus\savrt.sys (file missing) S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20061113.031\symidsco.sys (file missing) S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver> S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver> S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)> S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA> S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - 
c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA> S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA> S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver> S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)> S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter> S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 DomainService - c:\windows\system32\fxrsalun.exe /service <Not Verified; ; DDC> S2 SBService (ScriptBlocking Service) - c:\progra~1\common~1\symant~1\script~1\sbserv.exe (file missing) S2 SymWSC (SymWMI Service) - c:\program files\common files\symantec shared\security center\symwsc.exe (file missing) S3 mcupdmgr.exe (McAfee SecurityCenter Update Manager) - c:\progra~1\mcafee.com\agent\mcupdmgr.exe (file missing) S3 SAVScan - "c:\program files\norton antivirus\savscan.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Hamachi Network Interface Device ID: ROOT\NET\0000 Manufacturer: Applied Networking Inc. 
Name: Hamachi Network Interface PNP Device ID: ROOT\NET\0000 Service: hamachi -- Scheduled Tasks ------------------------------------------------------------- 2007-09-28 15:48:02 476 --a------ C:\WINDOWS\Tasks\Controle op updates door McAfee.com (WOONKAMER-Daan).job 2007-09-28 15:47:00 478 --a------ C:\WINDOWS\Tasks\Controle op updates door McAfee.com (WOONKAMER-Niels).job 2007-09-28 15:45:00 482 --a------ C:\WINDOWS\Tasks\Controle op updates door McAfee.com (WOONKAMER-Reinier).job 2007-09-28 15:45:00 480 --a------ C:\WINDOWS\Tasks\Controle op updates door McAfee.com (WOONKAMER-Britta).job 2007-09-21 20:00:00 532 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Reinier.job 2007-06-23 06:54:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-08-28 and 2007-09-28 ----------------------------- 2007-09-28 14:08:54 85056 --a------ C:\WINDOWS\system32\dknoqnip.dll 2007-09-28 14:07:06 60928 --a------ C:\WINDOWS\system32\jzflaygg.dll 2007-09-28 14:06:49 75328 --a------ C:\WINDOWS\system32\jufvcmyw.exe <Not Verified; ; DDC> 2007-09-27 19:18:59 69184 --a------ C:\WINDOWS\system32\wcvdjkju.dll 2007-09-27 19:15:59 4672 --a------ C:\WINDOWS\system32\hycushbv.exe 2007-09-27 19:13:23 75328 --a------ C:\WINDOWS\system32\fxrsalun.exe <Not Verified; ; DDC> 2007-09-27 18:26:32 710917 ---hs---- C:\WINDOWS\system32\hhhkj.bak2 2007-09-27 18:12:59 0 d-------- C:\bintheredunthat 2007-09-26 21:27:24 693140 ---hs---- C:\WINDOWS\system32\hhhkj.bak1 2007-09-26 20:41:44 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE> 2007-09-26 20:37:25 0 d-------- C:\Program Files\Jamdat 2007-09-25 22:20:33 0 d-------- C:\Program Files\Trend Micro 2007-09-25 22:19:01 0 d-------- C:\Documents and Settings\Daan\Application Data\?ymantec 2007-09-25 22:17:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-09-25 15:23:50 0 d-------- C:\Documents and Settings\Daan\Application Data\??curity 
2007-09-25 15:23:09 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe 2007-09-25 15:23:07 0 d-------- C:\Program Files\?ystem 2007-09-25 15:23:07 207 --a------ C:\Documents and Settings\Daan\2977.bat 2007-09-25 07:56:25 321632 -----n--- C:\WINDOWS\system32\jkhhh.dll 2007-09-25 07:52:04 207 --a------ C:\Documents and Settings\Daan\2813.bat 2007-09-25 07:51:53 36352 --a------ C:\WINDOWS\system32\jkkklkk.dll 2007-09-24 23:28:10 207 --a------ C:\Documents and Settings\Daan\4992.bat 2007-09-24 23:28:01 0 d-------- C:\Program Files\WinAble 2007-09-24 23:28:01 0 d-------- C:\Program Files\Temporary 2007-09-24 23:28:00 32768 --a------ C:\Documents and Settings\Daan\winlogo.exe <Not Verified; w00t; oooo8888> 2007-09-24 23:14:02 135168 --a------ C:\WINDOWS\tk58.exe 2007-09-24 23:13:59 687592 --a------ C:\WINDOWS\system32\atmtd.dll 2007-09-24 23:13:56 169147 --a------ C:\WINDOWS\TTC-4444.exe 2007-09-24 23:13:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon 2007-09-24 23:13:43 35840 --a------ C:\WINDOWS\retadpu1000106.exe 2007-09-24 23:13:39 0 d-------- C:\WINDOWS\system32\UPC1 2007-09-24 23:13:39 0 d-------- C:\WINDOWS\system32\P2 2007-09-24 23:13:39 0 d-------- C:\WINDOWS\system32\Dr3 2007-09-24 23:13:35 0 d-------- C:\WINDOWS\system32\f04WtR 2007-09-24 23:13:35 207 --a------ C:\WINDOWS\system32\9774.bat 2007-09-24 23:13:33 109585 --a------ C:\WINDOWS\system32\ps.exe 2007-09-24 23:13:22 35328 --a------ C:\WINDOWS\system32\qomnlmm.dll 2007-09-24 23:13:20 55296 -----n--- C:\WINDOWS\system32\install.exe 2007-09-24 23:13:08 35840 --a------ C:\WINDOWS\retadpu1000137.exe 2007-09-24 23:13:03 9814 --a------ C:\WINDOWS\system32\app.exe <Not Verified; ; adinstall> 2007-09-24 23:13:01 32768 --a------ C:\WINDOWS\system32\winlogo.exe <Not Verified; w00t; oooo8888> 2007-09-24 22:06:12 0 --a------ C:\WINDOWS\system32\taskkill.exe 2007-09-24 22:06:03 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's 
WiZ> 2007-09-23 21:07:36 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire> 2007-09-23 21:07:36 0 d-------- C:\Program Files\VstPlugins 2007-09-23 21:02:34 0 d-------- C:\Program Files\Image-Line 2007-09-23 15:12:48 0 d-------- C:\Documents and Settings\Daan\Application Data\Syntrillium 2007-09-23 14:42:54 4608 --a------ C:\WINDOWS\system32\W95INF32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95> 2007-09-23 14:42:54 2272 --a------ C:\WINDOWS\system32\W95INF16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95> 2007-09-23 10:18:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2007-09-23 10:18:44 0 d-------- C:\Program Files\Google 2007-09-20 17:56:07 0 d-------- C:\WINDOWS\s?mbols 2007-09-20 17:56:06 60928 --a------ C:\WINDOWS\system32\bneogv.dll 2007-09-20 17:55:42 0 d-------- C:\Documents and Settings\Niels\Application Data\Logitech 2007-09-19 21:56:10 53248 --a------ C:\WINDOWS\b122.exe 2007-09-14 18:32:35 0 d-------- C:\Documents and Settings\Daan\Application Data\NCH Swift Sound 2007-09-14 18:27:09 0 d-------- C:\Program Files\NCH Swift Sound 2007-09-10 23:13:07 0 d-------- C:\Documents and Settings\Reinier\Application Data\Logitech 2007-09-03 18:20:17 0 d-------- C:\Program Files\Norton Security Scan 2007-09-03 17:34:51 0 d-------- C:\Documents and Settings\Daan\Application Data\Logitech 2007-09-03 17:34:43 0 d-------- C:\Documents and Settings\Daan\Application Data\Leadertech 2007-09-03 17:34:41 0 d-------- C:\Program Files\Common Files\LogiShared 2007-09-03 17:32:08 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-09-03 17:32:08 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-09-03 17:32:08 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-09-03 17:32:08 163840 --a------ 
C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-09-03 17:31:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2007-09-03 17:31:28 0 d-------- C:\Documents and Settings\Daan\Application Data\InstallShield 2007-09-03 17:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd -- Find3M Report --------------------------------------------------------------- 2007-09-28 15:36:51 0 d-------- C:\Program Files\MSN Gaming Zone 2007-09-28 14:07:10 2 --a------ C:\WINDOWS\system32\wcpsvit32.exe 2007-09-28 14:07:08 0 d-------- C:\Documents and Settings\Daan\Application Data\??curity 2007-09-27 19:18:23 0 d-------- C:\Program Files\Common Files 2007-09-26 20:54:01 0 d-------- C:\Program Files\Microsoft ActiveSync 2007-09-26 20:27:32 2528 --a------ C:\Documents and Settings\Daan\Application Data\$_hpcst$.hpc 2007-09-25 22:19:01 0 d-------- C:\Documents and Settings\Daan\Application Data\?ymantec 2007-09-25 22:18:28 0 d-------- C:\Program Files\?ystem 2007-09-25 18:14:27 0 d-------- C:\Program Files\AdSponsorCL 2007-09-25 16:56:20 86016 --a------ C:\eSetup.exe 2007-09-20 17:56:07 0 d-------- C:\Program Files\Common Files\s?stem 2007-09-10 22:20:41 0 d-------- C:\Program Files\LimeWire 2007-09-10 16:46:54 0 d-------- C:\Program Files\Java 2007-09-03 18:20:22 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-03 17:32:22 0 d-------- C:\Program Files\Common Files\Logitech 2007-09-03 17:31:40 0 d-------- C:\Program Files\Logitech 2007-09-03 17:31:38 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-15 23:10:19 0 d-------- C:\Program Files\MSXML 4.0 2007-08-11 14:56:22 0 d-------- C:\Program Files\??mantec 2007-08-11 14:56:22 0 d-------- C:\Program Files\Outerinfo 2007-08-02 15:43:59 282624 --a------ C:\Program Files\TTC.dll 2007-08-01 20:04:14 0 d-------- C:\Program Files\Common Files\Teleca Shared -- Registry Dump 
--------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{096C8BA4-1664-4AE6-6D2D-4D71C278C5C1}] 06-09-2007 15:47 60928 --a------ C:\WINDOWS\system32\bneogv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9F2046-87A1-47E7-999C-661EE0016664}] 28-09-2007 15:36 70144 --a------ C:\Program Files\MSN Gaming Zone\lavunagiv401.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554534D4-2C73-4A6E-8EC8-D4A37C30CEF4}] 02-08-2007 15:43 282624 --a------ C:\Program Files\Internet Explorer\hoketof83122.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9395AB2A-65EB-3A3D-BF55-3A766D340497}] 23-08-2007 21:58 60928 --a------ C:\WINDOWS\system32\jzflaygg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B403F9DE-5C4E-4149-808B-25855C446A89}] 02-08-2007 15:43 282624 --a------ C:\Program Files\Internet Explorer\hoketof4444.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE6A3B7C-D765-454A-9E47-0DBA7B8E20DB}] 25-09-2007 07:56 321632 --------- C:\WINDOWS\system32\jkhhh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}] 27-09-2007 19:18 69184 --a------ C:\WINDOWS\system32\wcvdjkju.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06-10-2003 15:16] "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [10-04-2002 17:44] "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [12-11-2002 12:02] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [] "nwiz"="nwiz.exe" [06-10-2003 15:16 C:\WINDOWS\system32\nwiz.exe] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-03-2006 15:54] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08-06-2005 15:14] "iTunesHelper"="D:\Britta\Itunes\iTunesHelper.exe" 
[23-02-2006 15:45] "CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [02-05-2002 19:58] "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [] "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [] "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [] "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31-12-2006 13:55] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12-07-2007 04:00] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11-04-2007 15:32 C:\WINDOWS\KHALMNPR.Exe] "SearchIndexer"="C:\WINDOWS\system32\dknoqnip.dll" [28-09-2007 14:08] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [] "Steam"="c:\program files\steam\steam.exe" [] "SmartBarXP"="D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe" [] "Eyeball Chat"="C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" [] "BitTorrent"="D:\Daan\Documenten\bittorrent.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23-09-2007 10:18] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13-11-2006 18:34] "Adru"="C:\PROGRA~1\YSTEM~1\javaw.exe" [25-09-2007 22:18] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= C:\Program Files\MSN Gaming Zone\profsycyzyrt.html FriendlyName= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{2DF26EA8-AAF5-45BD-A107-778EB1D5C0C9}"= C:\WINDOWS\system32\qomnlmm.dll [24-09-2007 23:13 35328] "{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"= C:\WINDOWS\system32\jkkklkk.dll [25-09-2007 07:51 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklkk] 
jkkklkk.dll 25-09-2007 07:51 36352 C:\WINDOWS\system32\jkkklkk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnlmm] qomnlmm.dll 24-09-2007 23:13 35328 C:\WINDOWS\system32\qomnlmm.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkhhh "Notification Packages"= scecli scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8affe2a-9871-11d9-9951-806d6172696f}] AutoRun\command- D:\setupSNK.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4AFEB339-8F0B-469A-B2A2-87D2A8FA92BE}] c:\eSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}] C:\WINDOWS\system\sservice.exe -- End of Deckard's System Scanner: finished at 2007-09-28 15:51:38 ------------
I also got an extra log, extra.txt, see below:
Deckard's System Scanner v20070905.67 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: Dutch CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz Percentage of Memory in Use: 72% Physical Memory (total/avail): 511 MiB / 139.98 MiB Pagefile Memory (total/avail): 1248.55 MiB / 860.03 MiB Virtual Memory (total/avail): 2047.88 MiB / 1965.63 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 16.8 GiB total, 6 GiB free. D: is Fixed (NTFS) - 39.06 GiB total, 18.8 GiB free.
  • Let's clean up a bit first, because right now I can't see the wood for the trees! Download Vundofix (http://www.atribune.org/ccount/click.php?id=4) to your Desktop.
    - Double-click Vundofix to start it.
    - Click the 'Scan for Vundo' button.
    - Once the scan has finished, click the 'Remove Vundo' button.
    - You will be asked whether you want the files to be removed; click YES.
    - After you have clicked Yes, the icons on your Desktop will disappear while Vundo is being removed.
    - When it is done, you will get a message that it will shut down your PC; click OK.
    - Start your PC up again.
    - Post the contents of C:\vundofix.txt and a new HijackThis log in your next post.
    Note: It is possible that VundoFix finds a file that cannot be removed. In that case VundoFix will start once more after your PC has rebooted. You then have to carry out the instructions above again, starting from: "Click 'Scan for Vundo'." Post the Vundofix log, a new DDS log and a fresh HijackThis log in your next message. Good luck! Pim
  • Okay, here is the Vundofix log:
VundoFix V6.3.19 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Scan started at 13:50:31 15-4-2007 Listing files found while scanning.... C:\WINDOWS\system32\guard.tmp VundoFix V6.5.9 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Scan started at 23:24:34 28-9-2007 Listing files found while scanning.... C:\WINDOWS\system32\dknoqnip.dll C:\windows\system32\hycushbv.exe C:\WINDOWS\system32\pinqonkd.ini C:\WINDOWS\system32\wcvdjkju.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\dknoqnip.dll C:\WINDOWS\system32\dknoqnip.dll Could not be deleted. Attempting to delete C:\windows\system32\hycushbv.exe C:\windows\system32\hycushbv.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\pinqonkd.ini C:\WINDOWS\system32\pinqonkd.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\wcvdjkju.dll C:\WINDOWS\system32\wcvdjkju.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\dknoqnip.dll C:\WINDOWS\system32\dknoqnip.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wcvdjkju.dll C:\WINDOWS\system32\wcvdjkju.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.9 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Scan started at 23:33:16 28-9-2007 Listing files found while scanning.... C:\windows\system32\ccsspsru.dll Beginning removal... Attempting to delete C:\windows\system32\ccsspsru.dll C:\windows\system32\ccsspsru.dll Has been deleted! Performing Repairs to the registry. Done!
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:46:38, on 28-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\fxrsalun.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Logitech\Video\LogiTray.exe D:\Britta\Itunes\iTunesHelper.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\YSTEM~1\javaw.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe D:\Britta\Ipod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\F?nts\??chost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv O4 - HKCU\..\Run: [Lacuog] C:\WINDOWS\F?nts\??chost.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O4 - Startup: Planet Internet ADSL.lnk = ? 
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: DomainService - - C:\WINDOWS\system32\fxrsalun.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing) O23 - Service: Windows Live Setup 
Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html -- End of file - 11386 bytes En dan nog DSS: Deckard's System Scanner v20070905.67 Run by Daan on 2007-09-28 23:47:06 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Daan.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:47:09, on 28-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\fxrsalun.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Logitech\Video\LogiTray.exe D:\Britta\Itunes\iTunesHelper.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\YSTEM~1\javaw.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE 
C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe D:\Britta\Ipod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Daan\Bureaublad\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Daan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {096C8BA4-1664-4AE6-6D2D-4D71C278C5C1} - C:\WINDOWS\system32\bneogv.dll O2 - BHO: (no name) - {554534D4-2C73-4A6E-8EC8-D4A37C30CEF4} - C:\Program Files\Internet Explorer\hoketof83122.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {98C7A825-69B9-6839-EE55-3A766D3407C5} - C:\WINDOWS\system32\fzv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: 
(no name) - {B403F9DE-5C4E-4149-808B-25855C446A89} - C:\Program Files\Internet Explorer\hoketof4444.dll O2 - BHO: (no name) - {F8B3503D-4026-478F-B9C6-36A6D0D2B1E8} - C:\WINDOWS\system32\jkhhh.dll O2 - BHO: 0 - {FD3101AB-B1E2-462C-9BBC-DF9BAF63C666} - C:\Program Files\MSN Gaming Zone\lavunagiv463.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Steam] "c:\program 
files\steam\steam.exe" -silent O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv O4 - HKCU\..\Run: [Lacuog] C:\WINDOWS\F?nts\??chost.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O4 - Startup: Planet Internet ADSL.lnk = ? 
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O20 - Winlogon Notify: jkkklkk - C:\WINDOWS\SYSTEM32\jkkklkk.dll O20 - Winlogon Notify: qomnlmm - C:\WINDOWS\SYSTEM32\qomnlmm.dll O23 - Service: DomainService - - C:\WINDOWS\system32\fxrsalun.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Unknown 
owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing) O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html -- End of file - 12786 bytes -- Files created between 2007-08-28 and 2007-09-28 ----------------------------- 2007-09-28 23:33:15 0 d-------- C:\WINDOWS\F?nts 2007-09-28 23:33:14 60928 --a------ C:\WINDOWS\system32\fzv.dll 2007-09-28 23:24:34 0 d-------- C:\VundoFix Backups 2007-09-28 14:06:49 75328 --a------ C:\WINDOWS\system32\jufvcmyw.exe <Not Verified; ; DDC> 2007-09-27 19:13:23 75328 --a------ C:\WINDOWS\system32\fxrsalun.exe <Not Verified; ; DDC> 2007-09-27 18:26:32 710917 ---hs---- C:\WINDOWS\system32\hhhkj.bak2 2007-09-27 18:12:59 0 d-------- C:\bintheredunthat 2007-09-26 21:27:24 693140 ---hs---- C:\WINDOWS\system32\hhhkj.bak1 2007-09-26 20:41:44 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE> 2007-09-26 20:37:25 0 d-------- C:\Program Files\Jamdat 2007-09-25 22:20:33 0 d-------- C:\Program Files\Trend Micro 2007-09-25 22:19:01 0 d-------- C:\Documents and Settings\Daan\Application Data\?ymantec 2007-09-25 22:17:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-09-25 15:23:50 0 d-------- C:\Documents and Settings\Daan\Application Data\??curity 2007-09-25 15:23:09 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe 2007-09-25 15:23:07 0 d-------- C:\Program Files\?ystem 2007-09-25 15:23:07 207 --a------ C:\Documents and Settings\Daan\2977.bat 2007-09-25 07:56:25 321632 -----n--- C:\WINDOWS\system32\jkhhh.dll 2007-09-25 07:52:04 207 --a------ C:\Documents and Settings\Daan\2813.bat 2007-09-25 07:51:53 36352 --a------ C:\WINDOWS\system32\jkkklkk.dll 2007-09-24 23:28:10 207 --a------ C:\Documents and Settings\Daan\4992.bat 2007-09-24 23:28:01 0 d-------- 
C:\Program Files\WinAble 2007-09-24 23:28:01 0 d-------- C:\Program Files\Temporary 2007-09-24 23:28:00 32768 --a------ C:\Documents and Settings\Daan\winlogo.exe <Not Verified; w00t; oooo8888> 2007-09-24 23:14:02 135168 --a------ C:\WINDOWS\tk58.exe 2007-09-24 23:13:59 687592 --a------ C:\WINDOWS\system32\atmtd.dll 2007-09-24 23:13:56 169147 --a------ C:\WINDOWS\TTC-4444.exe 2007-09-24 23:13:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon 2007-09-24 23:13:43 35840 --a------ C:\WINDOWS\retadpu1000106.exe 2007-09-24 23:13:39 0 d-------- C:\WINDOWS\system32\UPC1 2007-09-24 23:13:39 0 d-------- C:\WINDOWS\system32\P2 2007-09-24 23:13:39 0 d-------- C:\WINDOWS\system32\Dr3 2007-09-24 23:13:35 0 d-------- C:\WINDOWS\system32\f04WtR 2007-09-24 23:13:35 207 --a------ C:\WINDOWS\system32\9774.bat 2007-09-24 23:13:33 109585 --a------ C:\WINDOWS\system32\ps.exe 2007-09-24 23:13:22 35328 --a------ C:\WINDOWS\system32\qomnlmm.dll 2007-09-24 23:13:20 55296 -----n--- C:\WINDOWS\system32\install.exe 2007-09-24 23:13:08 35840 --a------ C:\WINDOWS\retadpu1000137.exe 2007-09-24 23:13:03 9814 --a------ C:\WINDOWS\system32\app.exe <Not Verified; ; adinstall> 2007-09-24 23:13:01 32768 --a------ C:\WINDOWS\system32\winlogo.exe <Not Verified; w00t; oooo8888> 2007-09-24 22:06:12 0 --a------ C:\WINDOWS\system32\taskkill.exe 2007-09-24 22:06:03 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ> 2007-09-23 21:07:36 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire> 2007-09-23 21:07:36 0 d-------- C:\Program Files\VstPlugins 2007-09-23 21:02:34 0 d-------- C:\Program Files\Image-Line 2007-09-23 15:12:48 0 d-------- C:\Documents and Settings\Daan\Application Data\Syntrillium 2007-09-23 14:42:54 4608 --a------ C:\WINDOWS\system32\W95INF32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! 
for Windows® 95> 2007-09-23 14:42:54 2272 --a------ C:\WINDOWS\system32\W95INF16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95> 2007-09-23 10:18:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2007-09-23 10:18:44 0 d-------- C:\Program Files\Google 2007-09-20 17:56:07 0 d-------- C:\WINDOWS\s?mbols 2007-09-20 17:56:06 60928 --a------ C:\WINDOWS\system32\bneogv.dll 2007-09-20 17:55:42 0 d-------- C:\Documents and Settings\Niels\Application Data\Logitech 2007-09-19 21:56:10 53248 --a------ C:\WINDOWS\b122.exe 2007-09-14 18:32:35 0 d-------- C:\Documents and Settings\Daan\Application Data\NCH Swift Sound 2007-09-14 18:27:09 0 d-------- C:\Program Files\NCH Swift Sound 2007-09-10 23:13:07 0 d-------- C:\Documents and Settings\Reinier\Application Data\Logitech 2007-09-03 18:20:17 0 d-------- C:\Program Files\Norton Security Scan 2007-09-03 17:34:51 0 d-------- C:\Documents and Settings\Daan\Application Data\Logitech 2007-09-03 17:34:43 0 d-------- C:\Documents and Settings\Daan\Application Data\Leadertech 2007-09-03 17:34:41 0 d-------- C:\Program Files\Common Files\LogiShared 2007-09-03 17:32:08 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-09-03 17:32:08 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-09-03 17:32:08 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-09-03 17:32:08 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-09-03 17:31:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2007-09-03 17:31:28 0 d-------- C:\Documents and Settings\Daan\Application Data\InstallShield 2007-09-03 17:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd -- Find3M Report --------------------------------------------------------------- 2007-09-28 
23:41:51 0 d-------- C:\Program Files\MSN Gaming Zone 2007-09-28 23:33:20 2 --a------ C:\WINDOWS\system32\wcpsvit32.exe 2007-09-28 23:33:15 0 d-------- C:\Documents and Settings\Daan\Application Data\??curity 2007-09-27 19:18:23 0 d-------- C:\Program Files\Common Files 2007-09-26 20:54:01 0 d-------- C:\Program Files\Microsoft ActiveSync 2007-09-26 20:27:32 2528 --a------ C:\Documents and Settings\Daan\Application Data\$_hpcst$.hpc 2007-09-25 22:19:01 0 d-------- C:\Documents and Settings\Daan\Application Data\?ymantec 2007-09-25 22:18:28 0 d-------- C:\Program Files\?ystem 2007-09-25 18:14:27 0 d-------- C:\Program Files\AdSponsorCL 2007-09-25 16:56:20 86016 --a------ C:\eSetup.exe 2007-09-20 17:56:07 0 d-------- C:\Program Files\Common Files\s?stem 2007-09-10 22:20:41 0 d-------- C:\Program Files\LimeWire 2007-09-10 16:46:54 0 d-------- C:\Program Files\Java 2007-09-03 18:20:22 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-03 17:32:22 0 d-------- C:\Program Files\Common Files\Logitech 2007-09-03 17:31:40 0 d-------- C:\Program Files\Logitech 2007-09-03 17:31:38 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-15 23:10:19 0 d-------- C:\Program Files\MSXML 4.0 2007-08-11 14:56:22 0 d-------- C:\Program Files\??mantec 2007-08-11 14:56:22 0 d-------- C:\Program Files\Outerinfo 2007-08-02 15:43:59 282624 --a------ C:\Program Files\TTC.dll 2007-08-01 20:04:14 0 d-------- C:\Program Files\Common Files\Teleca Shared -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{096C8BA4-1664-4AE6-6D2D-4D71C278C5C1}] 06-09-2007 15:47 60928 --a------ C:\WINDOWS\system32\bneogv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554534D4-2C73-4A6E-8EC8-D4A37C30CEF4}] 02-08-2007 15:43 282624 --a------ C:\Program Files\Internet Explorer\hoketof83122.dll [HKEY_LOCAL_MACHINE\~\Browser Helper 
Objects\{98C7A825-69B9-6839-EE55-3A766D3407C5}] 23-08-2007 21:58 60928 --a------ C:\WINDOWS\system32\fzv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B403F9DE-5C4E-4149-808B-25855C446A89}] 02-08-2007 15:43 282624 --a------ C:\Program Files\Internet Explorer\hoketof4444.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8B3503D-4026-478F-B9C6-36A6D0D2B1E8}] 25-09-2007 07:56 321632 --------- C:\WINDOWS\system32\jkhhh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD3101AB-B1E2-462C-9BBC-DF9BAF63C666}] 28-09-2007 23:41 70144 --a------ C:\Program Files\MSN Gaming Zone\lavunagiv463.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06-10-2003 15:16] "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [10-04-2002 17:44] "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [12-11-2002 12:02] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [] "nwiz"="nwiz.exe" [06-10-2003 15:16 C:\WINDOWS\system32\nwiz.exe] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-03-2006 15:54] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08-06-2005 15:14] "iTunesHelper"="D:\Britta\Itunes\iTunesHelper.exe" [23-02-2006 15:45] "CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [02-05-2002 19:58] "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [] "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [] "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [] "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31-12-2006 13:55] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12-07-2007 04:00] "Kernel and Hardware Abstraction 
Layer"="KHALMNPR.EXE" [11-04-2007 15:32 C:\WINDOWS\KHALMNPR.Exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [] "Steam"="c:\program files\steam\steam.exe" [] "SmartBarXP"="D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe" [] "Eyeball Chat"="C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" [] "BitTorrent"="D:\Daan\Documenten\bittorrent.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23-09-2007 10:18] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13-11-2006 18:34] "Adru"="C:\PROGRA~1\YSTEM~1\javaw.exe" [25-09-2007 22:18] "Lacuog"="C:\WINDOWS\F?nts\??chost.exe" [] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= C:\Program Files\MSN Gaming Zone\profsycyzyrt.html FriendlyName= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{2DF26EA8-AAF5-45BD-A107-778EB1D5C0C9}"= C:\WINDOWS\system32\qomnlmm.dll [24-09-2007 23:13 35328] "{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"= C:\WINDOWS\system32\jkkklkk.dll [25-09-2007 07:51 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklkk] jkkklkk.dll 25-09-2007 07:51 36352 C:\WINDOWS\system32\jkkklkk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnlmm] qomnlmm.dll 24-09-2007 23:13 35328 C:\WINDOWS\system32\qomnlmm.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkhhh "Notification Packages"= scecli scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8affe2a-9871-11d9-9951-806d6172696f}] AutoRun\command- D:\setupSNK.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4AFEB339-8F0B-469A-B2A2-87D2A8FA92BE}] c:\eSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}] C:\WINDOWS\system\sservice.exe -- End of Deckard's System Scanner: finished at 2007-09-28 23:47:53 ------------
  • Start Hijackthis, choose [i]'Do a system scan only'[/i] and tick the lines below:
[b]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv
O4 - HKCU\..\Run: [Lacuog] C:\WINDOWS\F?nts\??chost.exe
[/b]
Now close [u]all[/u] open windows except Hijackthis and click [b]Fix Checked[/b].

Download [url=http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe]OTMoveIt[/url] and save it to your [u]desktop[/u].
[list]
* Double-click [b]OTMoveIt.exe[/b] to start the tool.
* Copy (select and press Ctrl-C) [b]all[/b] of the bold, blue text below:
[color=blue][b]
C:\WINDOWS\system32\fxrsalun.exe
C:\WINDOWS\F?nts\??chost.exe
C:\PROGRA~1\YSTEM~1\javaw.exe
C:\WINDOWS\system32\bneogv.dll
C:\Program Files\Internet Explorer\hoketof83122.dll
C:\WINDOWS\system32\fzv.dll
C:\Program Files\Internet Explorer\hoketof4444.dll
C:\WINDOWS\system32\jkhhh.dll
C:\Program Files\MSN Gaming Zone\lavunagiv463.dll
C:\WINDOWS\SYSTEM32\jkkklkk.dll
C:\WINDOWS\SYSTEM32\qomnlmm.dll
C:\WINDOWS\system32\fxrsalun.exe
C:\Program Files\MSN Gaming Zone\profsycyzyrt.html
C:\WINDOWS\system32\jufvcmyw.exe
C:\WINDOWS\system32\fxrsalun.exe
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.bak1
C:\bintheredunthat
C:\WINDOWS\unvise32.exe
C:\Documents and Settings\Daan\Application Data\??curity
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkkklkk.dll
C:\Program Files\WinAble
C:\Documents and Settings\Daan\winlogo.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\qomnlmm.dll
C:\WINDOWS\system32\install.exe
C:\WINDOWS\retadpu1000137.exe
C:\WINDOWS\system32\winlogo.exe
C:\WINDOWS\system32\bneogv.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\wcpsvit32.exe
[/b][/color]
* Paste the copied text (press Ctrl-V) into the "[b]Paste List of Files/Folders to be moved[/b]" window.
* Click the red [color=red]MoveIt![/color] button.
* [b]Copy and paste the contents of the right-hand results window into your next reply.[/b]
* Close OTMoveIt.
If a file or folder cannot be moved immediately, you may be asked to restart the PC to complete the move. In that case click [b]Ja/Yes[/b].
[/list]
Post the OTMoveIt result in your next reply, together with a fresh Hijackthis log and a new DDS log. Could you also try once more to make a Combofix log? Pim
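Reading the OTMoveIt result that the post above asks for: this is an added example, not part of the thread and not code from OTMoveIt's author. It assumes one status message per line in the wording OTMoveIt uses in this thread; the sample lines are constructed from that wording, and the names `parse_events` and `triage` are hypothetical. It collapses repeated entries for the same path (compared case-insensitively) and separates paths that were moved, paths still waiting for a reboot, and paths that were never found because the pasted name contains `?`, which is not a valid file-name character on Windows.

```python
import re

# Constructed sample: status messages in the wording OTMoveIt uses in this
# thread, assumed to be one message per line in the tool's result window.
SAMPLE_RESULT = r"""
C:\WINDOWS\system32\fxrsalun.exe moved successfully.
File/Folder C:\WINDOWS\F?nts\??chost.exe not found.
LoadLibrary failed for C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkhhh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\jkhhh.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\jkkklkk.dll
C:\WINDOWS\SYSTEM32\jkkklkk.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\jkkklkk.dll moved successfully.
File/Folder C:\WINDOWS\system32\fxrsalun.exe not found.
File/Folder C:\WINDOWS\system32\jkkklkk.dll not found.
C:\Program Files\WinAble moved successfully.
"""

# Only these three messages say what happened to the file itself. The
# LoadLibrary / DllUnregisterServer / "NOT unregistered" lines describe COM
# unregistration and match none of the patterns, so they are skipped.
PATTERNS = [
    ("moved", re.compile(r"^(?P<path>.+) moved successfully\.$")),
    ("reboot", re.compile(
        r"^(?:File move failed\. )?(?P<path>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File/Folder (?P<path>.+) not found\.$")),
]

# The strongest outcome seen for a path wins, whatever the order of messages.
RANK = {"not_found": 0, "reboot": 1, "moved": 2}


def parse_events(text):
    """Return (path, status) pairs for every file-level status message."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        for status, rx in PATTERNS:
            match = rx.match(line)
            if match:
                events.append((match.group("path"), status))
                break
    return events


def triage(text):
    """Group paths by final outcome, one entry per path."""
    best = {}  # lowercased path -> (first spelling seen, strongest status)
    for path, status in parse_events(text):
        key = path.lower()  # Windows paths are case-insensitive
        shown, current = best.get(key, (path, None))
        if current is None or RANK[status] > RANK[current]:
            best[key] = (shown, status)

    report = {"moved": [], "pending_reboot": [],
              "unresolved_name": [], "not_found": []}
    for shown, status in best.values():
        if status == "moved":
            report["moved"].append(shown)
        elif status == "reboot":
            report["pending_reboot"].append(shown)
        elif "?" in shown:
            # '?' cannot occur in a real file name, so this literal path
            # could never match anything on disk.
            report["unresolved_name"].append(shown)
        else:
            report["not_found"].append(shown)
    return report


if __name__ == "__main__":
    for group, paths in triage(SAMPLE_RESULT).items():
        print(f"{group}:")
        for p in paths:
            print(f"  {p}")
```

Anything listed under `pending_reboot` is still on disk until the restart OTMoveIt asks for, and anything under `unresolved_name` was not matched by the tool at all.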
  • Okay, I've carried everything out. The only thing is that I didn't restart my PC as OTMoveIt asked me to, because I wasn't sure the results in the right-hand column would be preserved, so here are the results:
C:\WINDOWS\system32\fxrsalun.exe moved successfully.
File/Folder C:\WINDOWS\F?nts\??chost.exe not found.
C:\PROGRA~1\YSTEM~1\javaw.exe moved successfully.
C:\WINDOWS\system32\bneogv.dll unregistered successfully.
C:\WINDOWS\system32\bneogv.dll moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Internet Explorer\hoketof83122.dll
C:\Program Files\Internet Explorer\hoketof83122.dll NOT unregistered.
C:\Program Files\Internet Explorer\hoketof83122.dll moved successfully.
C:\WINDOWS\system32\fzv.dll unregistered successfully.
C:\WINDOWS\system32\fzv.dll moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Internet Explorer\hoketof4444.dll
C:\Program Files\Internet Explorer\hoketof4444.dll NOT unregistered.
C:\Program Files\Internet Explorer\hoketof4444.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkhhh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\jkhhh.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\Program Files\MSN Gaming Zone\lavunagiv463.dll
C:\Program Files\MSN Gaming Zone\lavunagiv463.dll NOT unregistered.
C:\Program Files\MSN Gaming Zone\lavunagiv463.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\jkkklkk.dll
C:\WINDOWS\SYSTEM32\jkkklkk.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\jkkklkk.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\qomnlmm.dll
C:\WINDOWS\SYSTEM32\qomnlmm.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\qomnlmm.dll moved successfully.
File/Folder C:\WINDOWS\system32\fxrsalun.exe not found.
C:\Program Files\MSN Gaming Zone\profsycyzyrt.html moved successfully.
C:\WINDOWS\system32\jufvcmyw.exe moved successfully.
File/Folder C:\WINDOWS\system32\fxrsalun.exe not found.
C:\WINDOWS\system32\hhhkj.bak2 moved successfully.
C:\WINDOWS\system32\hhhkj.bak1 moved successfully.
C:\bintheredunthat moved successfully.
C:\WINDOWS\unvise32.exe moved successfully.
File/Folder C:\Documents and Settings\Daan\Application Data\??curity not found.
LoadLibrary failed for C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkhhh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\jkhhh.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\jkkklkk.dll not found.
C:\Program Files\WinAble moved successfully.
C:\Documents and Settings\Daan\winlogo.exe moved successfully.
C:\WINDOWS\tk58.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll NOT unregistered.
C:\WINDOWS\system32\atmtd.dll moved successfully.
C:\WINDOWS\TTC-4444.exe moved successfully.
C:\WINDOWS\retadpu1000106.exe moved successfully.
File/Folder C:\WINDOWS\system32\qomnlmm.dll not found.
C:\WINDOWS\system32\install.exe moved successfully.
C:\WINDOWS\retadpu1000137.exe moved successfully.
C:\WINDOWS\system32\winlogo.exe moved successfully.
File/Folder C:\WINDOWS\system32\bneogv.dll not found.
C:\WINDOWS\b122.exe moved successfully.
C:\WINDOWS\system32\wcpsvit32.exe moved successfully.
Created on 09-29-2007 09:04:33 Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:08:49, on 29-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\fxrsalun.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Logitech\Video\LogiTray.exe D:\Britta\Itunes\iTunesHelper.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE D:\Britta\Ipod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\Daan\LOCALS~1\Temp\!update.exe C:\PROGRA~1\YSTEM~1\javaw.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe 
C:\WINDOWS\F?nts\??chost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O4 - Startup: Planet Internet ADSL.lnk = ? 
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\fxrsalun.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing) O23 - 
Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html -- End of file - 11359 bytes
DSS log:
Deckard's System Scanner v20070905.67 Run by Daan on 2007-09-29 09:09:49 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Daan.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:09:51, on 29-9-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\fxrsalun.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Logitech\Video\LogiTray.exe D:\Britta\Itunes\iTunesHelper.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program
Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE D:\Britta\Ipod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\Daan\LOCALS~1\Temp\!update.exe C:\PROGRA~1\YSTEM~1\javaw.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\F?nts\??chost.exe C:\Documents and Settings\Daan\Bureaublad\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Daan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: 0 - {2F2E90E8-BD69-4AFF-FAB3-FB1989091D17} - C:\Program Files\MSN Gaming Zone\lavunagiv238.dll O2 - BHO: (no name) - {554534D4-2C73-4A6E-8EC8-D4A37C30CEF4} - C:\Program Files\Internet Explorer\hoketof83122.dll (file missing) O2 - BHO: (no name) - {63633284-BC99-4D86-AEB6-158AC92C5A17} - C:\WINDOWS\system32\jkhhh.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: (no name) - {B403F9DE-5C4E-4149-808B-25855C446A89} - C:\Program Files\Internet Explorer\hoketof4444.dll (file missing) O2 - BHO: (no name) - {B694C244-BC70-4AE5-A2A8-452F4CABC099} - C:\WINDOWS\system32\pmnli.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" 
-silent O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\YSTEM~1\javaw.exe" -vt ndrv O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe O4 - Startup: Planet Internet ADSL.lnk = ? O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu 
item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O20 - Winlogon Notify: jkkklkk - jkkklkk.dll (file missing) O20 - Winlogon Notify: qomnlmm - qomnlmm.dll (file missing) O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\fxrsalun.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- D:\Britta\Ipod\bin\iPodService.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing) O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsycyzyrt.html -- End of file - 12667 bytes -- Files created between 2007-08-29 and 2007-09-29 ----------------------------- 2007-09-29 08:22:06 6448 ---hs---- C:\WINDOWS\system32\ilnmp.bak1 2007-09-29 08:21:31 316000 --a------ C:\WINDOWS\system32\pmnli.dll 2007-09-29 08:08:33 4672 --a------ C:\WINDOWS\system32\ahsrpais.exe 2007-09-28 23:33:15 0 d-------- C:\WINDOWS\F?nts 2007-09-28 23:24:34 0 d-------- C:\VundoFix Backups 2007-09-26 20:37:25 0 
d-------- C:\Program Files\Jamdat
2007-09-25 22:20:33 0 d-------- C:\Program Files\Trend Micro
2007-09-25 22:19:01 0 d-------- C:\Documents and Settings\Daan\Application Data\?ymantec
2007-09-25 22:17:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-09-25 15:23:50 0 d-------- C:\Documents and Settings\Daan\Application Data\??curity
2007-09-25 15:23:09 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
2007-09-25 15:23:07 0 d-------- C:\Program Files\?ystem
2007-09-25 15:23:07 207 --a------ C:\Documents and Settings\Daan\2977.bat
2007-09-25 07:56:25 321632 -----n--- C:\WINDOWS\system32\jkhhh.dll
2007-09-25 07:52:04 207 --a------ C:\Documents and Settings\Daan\2813.bat
2007-09-24 23:28:10 207 --a------ C:\Documents and Settings\Daan\4992.bat
2007-09-24 23:28:01 0 d-------- C:\Program Files\Temporary
2007-09-24 23:13:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-09-24 23:13:39 0 d-------- C:\WINDOWS\system32\UPC1
2007-09-24 23:13:39 0 d-------- C:\WINDOWS\system32\P2
2007-09-24 23:13:39 0 d-------- C:\WINDOWS\system32\Dr3
2007-09-24 23:13:35 0 d-------- C:\WINDOWS\system32\f04WtR
2007-09-24 23:13:35 207 --a------ C:\WINDOWS\system32\9774.bat
2007-09-24 23:13:33 109585 --a------ C:\WINDOWS\system32\ps.exe
2007-09-24 23:13:03 9814 --a------ C:\WINDOWS\system32\app.exe <Not Verified; ; adinstall>
2007-09-24 22:06:12 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-09-24 22:06:03 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-09-23 21:07:36 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-09-23 21:07:36 0 d-------- C:\Program Files\VstPlugins
2007-09-23 21:02:34 0 d-------- C:\Program Files\Image-Line
2007-09-23 15:12:48 0 d-------- C:\Documents and Settings\Daan\Application Data\Syntrillium
2007-09-23 14:42:54 4608 --a------ C:\WINDOWS\system32\W95INF32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-09-23 14:42:54 2272 --a------ C:\WINDOWS\system32\W95INF16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-09-23 10:18:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-09-23 10:18:44 0 d-------- C:\Program Files\Google
2007-09-20 17:56:07 0 d-------- C:\WINDOWS\s?mbols
2007-09-20 17:55:42 0 d-------- C:\Documents and Settings\Niels\Application Data\Logitech
2007-09-14 18:32:35 0 d-------- C:\Documents and Settings\Daan\Application Data\NCH Swift Sound
2007-09-14 18:27:09 0 d-------- C:\Program Files\NCH Swift Sound
2007-09-10 23:13:07 0 d-------- C:\Documents and Settings\Reinier\Application Data\Logitech
2007-09-03 18:20:17 0 d-------- C:\Program Files\Norton Security Scan
2007-09-03 17:34:51 0 d-------- C:\Documents and Settings\Daan\Application Data\Logitech
2007-09-03 17:34:43 0 d-------- C:\Documents and Settings\Daan\Application Data\Leadertech
2007-09-03 17:34:41 0 d-------- C:\Program Files\Common Files\LogiShared
2007-09-03 17:32:08 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-09-03 17:32:08 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-09-03 17:32:08 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-09-03 17:32:08 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-09-03 17:31:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-09-03 17:31:28 0 d-------- C:\Documents and Settings\Daan\Application Data\InstallShield
2007-09-03 17:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd

-- Find3M Report ---------------------------------------------------------------

2007-09-29 09:04:26 0 d-------- C:\Program Files\MSN Gaming Zone
2007-09-29 09:04:22 0 d-------- C:\Program Files\?ystem
2007-09-28 23:33:15 0 d-------- C:\Documents and Settings\Daan\Application Data\??curity
2007-09-27 19:18:23 0 d-------- C:\Program Files\Common Files
2007-09-26 20:54:01 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-26 20:27:32 2528 --a------ C:\Documents and Settings\Daan\Application Data\$_hpcst$.hpc
2007-09-25 22:19:01 0 d-------- C:\Documents and Settings\Daan\Application Data\?ymantec
2007-09-25 18:14:27 0 d-------- C:\Program Files\AdSponsorCL
2007-09-25 16:56:20 86016 --a------ C:\eSetup.exe
2007-09-20 17:56:07 0 d-------- C:\Program Files\Common Files\s?stem
2007-09-10 22:20:41 0 d-------- C:\Program Files\LimeWire
2007-09-10 16:46:54 0 d-------- C:\Program Files\Java
2007-09-03 18:20:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-03 17:32:22 0 d-------- C:\Program Files\Common Files\Logitech
2007-09-03 17:31:40 0 d-------- C:\Program Files\Logitech
2007-09-03 17:31:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-15 23:10:19 0 d-------- C:\Program Files\MSXML 4.0
2007-08-11 14:56:22 0 d-------- C:\Program Files\??mantec
2007-08-11 14:56:22 0 d-------- C:\Program Files\Outerinfo
2007-08-02 15:43:59 282624 --a------ C:\Program Files\TTC.dll
2007-08-01 20:04:14 0 d-------- C:\Program Files\Common Files\Teleca Shared

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2E90E8-BD69-4AFF-FAB3-FB1989091D17}]
29-09-2007 09:01 70144 --a------ C:\Program Files\MSN Gaming Zone\lavunagiv238.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554534D4-2C73-4A6E-8EC8-D4A37C30CEF4}]
C:\Program Files\Internet Explorer\hoketof83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63633284-BC99-4D86-AEB6-158AC92C5A17}]
25-09-2007 07:56 321632 --------- C:\WINDOWS\system32\jkhhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B403F9DE-5C4E-4149-808B-25855C446A89}]
C:\Program Files\Internet Explorer\hoketof4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B694C244-BC70-4AE5-A2A8-452F4CABC099}]
29-09-2007 08:21 316000 --a------ C:\WINDOWS\system32\pmnli.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06-10-2003 15:16]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [10-04-2002 17:44]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [12-11-2002 12:02]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"nwiz"="nwiz.exe" [06-10-2003 15:16 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-03-2006 15:54]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" []
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08-06-2005 15:14]
"iTunesHelper"="D:\Britta\Itunes\iTunesHelper.exe" [23-02-2006 15:45]
"CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [02-05-2002 19:58]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" []
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31-12-2006 13:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12-07-2007 04:00]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11-04-2007 15:32 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" []
"Steam"="c:\program files\steam\steam.exe" []
"SmartBarXP"="D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe" []
"Eyeball Chat"="C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" []
"BitTorrent"="D:\Daan\Documenten\bittorrent.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [23-09-2007 10:18]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [13-11-2006 18:34]
"Adru"="C:\PROGRA~1\YSTEM~1\javaw.exe" []

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN Gaming Zone\profsycyzyrt.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2DF26EA8-AAF5-45BD-A107-778EB1D5C0C9}"= C:\WINDOWS\system32\qomnlmm.dll [ ]
"{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"= C:\WINDOWS\system32\jkkklkk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklkk]
jkkklkk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnlmm]
qomnlmm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkhhh
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4AFEB339-8F0B-469A-B2A2-87D2A8FA92BE}]
c:\eSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}]
C:\WINDOWS\system\sservice.exe

-- End of Deckard's System Scanner: finished at 2007-09-29 09:10:32 ------------

And Combofix still can't find the same file: [b]C:\WINDOWS\regedit.exe[/b]
  • That doesn't look too good. First we'll see what is going on with regedit.exe. Open a Notepad file. Copy the code below into this Notepad file. Go to File - Save As. For "Save in", choose: Desktop. For "File name", enter: look.bat. For "Save as type", select: All Files (*.*). Click the Save button.
[code]
rem Remove the result of an earlier run, if any
IF EXIST files.txt DEL files.txt
rem List every regedit.exe on the system drive: any attributes (/a), all subfolders (/s)
dir %Systemdrive%\regedit.exe /a /s > files.txt
start notepad files.txt
[/code]
Double-click look.bat and post the contents of files.txt.
  • Can you also post the header of the latest Combofix log? I'd like to know which version you're using.
  • Okay, here is the files.txt:

De volumenaam van station C is PROGRAMMAS
Het volumenummer is 962A-D319

Map van C:\WINDOWS
04-08-2004 02:03 153.088 regedit.exe
1 bestand(en) 153.088 bytes

Map van C:\WINDOWS\$NtServicePackUninstall$
30-09-2002 17:11 140.800 regedit.exe
1 bestand(en) 140.800 bytes

Map van C:\WINDOWS\ServicePackFiles\i386
04-08-2004 02:03 153.088 regedit.exe
1 bestand(en) 153.088 bytes

Map van C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da
04-08-2004 10:03 153.088 regedit.exe
1 bestand(en) 153.088 bytes

Map van C:\WINDOWS\system32\dllcache
04-08-2004 02:03 153.088 regedit.exe
1 bestand(en) 153.088 bytes

And I don't know which Combofix version I'm using, and I don't know where to find the header, sorry, but if you scroll up you'll see that Pim says "Download Combofix and put it on your desktop"; the version given in the link there is the one I have. I hope that is a satisfactory answer.
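The files.txt listing in the post above can also be read programmatically. The following is an added example, not code from the thread: it parses Dutch-locale `dir /s` output and reports which copies of regedit.exe match the live C:\WINDOWS copy in size, date and time. The function names and the re-lined sample input are assumptions made for this example.

```python
import re

# Constructed input: the files.txt listing quoted in the thread, re-lined the way
# a Dutch-locale `dir /s` prints it (volume header and some summary rows dropped).
FILES_TXT = r"""
 Map van C:\WINDOWS
04-08-2004  02:03           153.088 regedit.exe
               1 bestand(en)        153.088 bytes
 Map van C:\WINDOWS\$NtServicePackUninstall$
30-09-2002  17:11           140.800 regedit.exe
               1 bestand(en)        140.800 bytes
 Map van C:\WINDOWS\ServicePackFiles\i386
04-08-2004  02:03           153.088 regedit.exe
 Map van C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da
04-08-2004  10:03           153.088 regedit.exe
 Map van C:\WINDOWS\system32\dllcache
04-08-2004  02:03           153.088 regedit.exe
"""

DIR_RE = re.compile(r"^\s*Map van\s+(.+?)\s*$")
FILE_RE = re.compile(r"^(\d\d-\d\d-\d{4})\s+(\d\d:\d\d)\s+([\d.,]+)\s+(\S.*?)\s*$")

def parse_listing(text):
    """Return (directory, date, time, size_in_bytes, name) for each file row."""
    rows, folder = [], None
    for line in text.splitlines():
        if m := DIR_RE.match(line):
            folder = m.group(1)
        elif folder and (m := FILE_RE.match(line)):
            date, time, size, name = m.groups()
            rows.append((folder, date, time, int(re.sub(r"[.,]", "", size)), name))
    return rows

def compare_live_copy(rows, live_dir=r"C:\WINDOWS", name="regedit.exe"):
    """Compare the copy in live_dir with every other copy found on the drive."""
    copies = {r[0].lower(): r for r in rows if r[4].lower() == name}
    live = copies.pop(live_dir.lower(), None)
    if live is None:
        return {"live": None, "same": [], "different": sorted(copies)}
    same = sorted(d for d, r in copies.items() if r[1:4] == live[1:4])
    return {"live": live, "same": same,
            "different": sorted(d for d in copies if d not in same)}

if __name__ == "__main__":
    result = compare_live_copy(parse_listing(FILES_TXT))
    print("live copy:", result["live"])
    for label in ("same", "different"):
        print(label + ":", *result[label], sep="\n  ")
```

A match in size and timestamp with the dllcache and ServicePackFiles copies is only a triage hint; it does not prove the live file is unmodified.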
  • Download Combofix again and make a new log.
  • That's exactly where the shoe pinches: I can't open it and I don't have a log either, and I can't make a log with it because it just doesn't work, unless you know another way. But I have to work now, so I'll be able to continue tonight; in any case, thanks a lot already.
  • Have you tried downloading it again? (Throw away the old version first, RocX.)

This is an archived page. Replies are no longer possible.