Question & Answer

Security & privacy

Windows Security Center <- Spyware (log added)

17 answers
  • I don't know what my little sister did, but the poor girl is suffering from quite a few viruses/spyware. For example a Windows Security Center scam (they copied it fairly neatly though); Norton constantly pops up warnings. Who can take a quick look at this HijackThis log and give some tips?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:08, on 2008-04-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Documents and Settings\Laura R\ie_updates3r.exe
    E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\Java\bin\jusched.exe
    E:\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\LocalService\cftmon.exe
    C:\WINDOWS\system32\wind32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Mozilla Firefox\firefox.exe
    E:\Hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - c:\autoex.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe
    O4 - HKLM\..\Run: [advap32] "yrjz486.exe"/r
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Acrobat Reader 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll
    O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Laura R\ie_updates3r.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Norton Internet Security 2005\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 10822 bytes
  • Run HijackThis once more and put a tick only in front of the following lines:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
    O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - c:\autoex.dll
    O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe
    O4 - HKLM\..\Run: [advap32] "yrjz486.exe"/r
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll
    O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download: RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe)
    - Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    - Start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm).
    - Now open the RVAXO folder on your desktop and double-click RunMe.cmd. A cmd window will open, in which a few lines about files not found will quickly scroll past; this is normal.
    - Possibly an uninstaller of a rogue scanner will start as well; do not close it, but follow any instructions and just let it do its work.
    - After that your PC will restart; let it start in normal mode again. After the restart the RVAXO cmd window opens again. Let it run and wait until a logfile opens: C:\RVAXO-results.log
    - If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    - Post the contents of the logfile in your next message together with a new HijackThis log :)
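The entries picked out above were chosen by eye using a handful of recurring signals: autostart files living in TEMP, a drive root or a profile root, entries whose file no longer exists, services with no recognised owner, a Winlogon Notify DLL outside system32, and file names that are one or two edits away from a real Windows binary (cftmon vs ctfmon, spools vs spoolsv). The script below is an added example that encodes those signals as rules over HijackThis entry lines; it is not part of the thread and not HijackThis code. The list of imitated Windows binaries, the edit-distance threshold of 2 and the rule names are assumptions made for this example, and the sample lines are copied from the HijackThis logs in this thread, with benign ones included for contrast.

```python
"""Heuristic triage of HijackThis log entries (added example, not HijackThis code)."""
import re

# Windows binaries that malware of this era liked to imitate; assumed list for the example.
LEGIT_NAMES = {"ctfmon", "spoolsv", "svchost", "winlogon", "lsass", "services",
               "csrss", "smss", "explorer"}
ENTRY_RE = re.compile(r"^[RO]\d+ - ")
QUOTED_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH = re.compile(r"[A-Za-z]:\\.*")
PROFILE_ROOT = re.compile(r"[a-z]:\\documents and settings\\[^\\]+\\")

# Sample input: entry lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - c:\autoex.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe
O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll
O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Laura R\ie_updates3r.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()


def levenshtein(a, b):
    """Plain edit distance; inputs are short file-name stems, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_path(entry):
    """Return the file path an entry points at, or None (URLs, bare names, no file)."""
    m = QUOTED_PATH.search(entry)
    if m:
        return m.group(1)
    m = BARE_PATH.search(entry)
    if not m:
        return None
    # Drop arguments, "(file missing)" / "(User ...)" notes and rundll32 entry points.
    return re.split(r" \(| /|,", m.group(0))[0].rstrip()


def rules_for(entry):
    """Set of rule names triggered by one HijackThis entry line."""
    hits = set()
    if "(file missing)" in entry or "(no file)" in entry:
        hits.add("orphaned-entry")
    if entry.startswith("O23") and "Unknown owner" in entry:
        hits.add("unknown-owner")
    path = extract_path(entry)
    if path is None:
        return hits
    directory, _, name = path.rpartition("\\")
    directory = directory.lower() + "\\"
    if (re.fullmatch(r"[a-z]:\\", directory) or "\\temp\\" in directory
            or PROFILE_ROOT.fullmatch(directory)):
        hits.add("suspicious-location")
    if entry.startswith("O20") and "\\windows\\system32\\" not in directory:
        hits.add("winlogon-notify-outside-system32")
    stem = name.rsplit(".", 1)[0].lower()
    if len(stem) >= 5 and stem not in LEGIT_NAMES:
        for legit in LEGIT_NAMES:
            # Similar length and at most two edits away: a deliberate look-alike.
            if abs(len(stem) - len(legit)) <= 1 and levenshtein(stem, legit) <= 2:
                hits.add("lookalike-of-" + legit)
    return hits


def triage(lines):
    """Map each flagged entry line to its rule names; non-entry lines are ignored."""
    flagged = {}
    for line in lines:
        if not ENTRY_RE.match(line):
            continue
        hits = rules_for(line)
        if hits:
            flagged[line] = hits
    return flagged


if __name__ == "__main__":
    for line, hits in triage(SAMPLE_LINES).items():
        print(", ".join(sorted(hits)).ljust(45), line)
```

Run as-is it prints seven of the eleven sample entries with the rule each tripped; the legitimate ctfmon.exe, ccApp.exe, NavShExt.dll and LiveUpdate entries stay silent. A rule hit is a reason to look closer, not a verdict: "orphaned-entry" in particular is only clean-up, while a look-alike name in a profile root or TEMP is what the helper above acted on first.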
  • Thanks for your reply, it's already a lot cleaner, but not completely clean yet :) Here are the log files:

    ---RVAXO.exe Updated: 2008-04-10---first run---

    Uninstallers:

    Files found:
    C:\WINDOWS\system32\Kf94k4g.dll
    C:\WINDOWS\system32\Hfk97g.dll
    C:\WINDOWS\system32\Hfk97g.dll
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\wind32.exe
    C:\WINDOWS\system32\iSecurity.cpl
    C:\Documents and Settings\Laura R\ie_updates3r.exe
    C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll

    Folders Found:

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------

    Not deleted items:

    --------------RVAXO.exe finished----------------
    ----------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:00, on 2008-04-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\systime
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\Java\bin\jusched.exe
    E:\iTunes\iTunesHelper.exe
    C:\Program Files\cjb\cjb8.exe
    C:\WINDOWS\TEMP\winlogan.exe
    C:\WINDOWS\TEMP\load2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {B5AC49A2-94F2-42BD-F434-2604812C897D} - (no file)
    O2 - BHO: (no name) - {B5AF0562-94F3-42BD-F434-2604812C797D} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
    O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\TEMP\load2.exe" /r
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Acrobat Reader 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Laura R\ie_updates3r.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Norton Internet Security 2005\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSSysInterv - Unknown owner - C:\WINDOWS\systime.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9949 bytes
  • Download this file: zoek.exe (http://home.hetnet.nl/~stefsmeenk/zoek.exe). Double-click it; after a while a log will open. Post the contents of this log in your next message ;)
  • ======C:\WINDOWS====
    ----a-w 0 2008-04-11 15:42:24 C:\WINDOWS\0.log
    --s-a-w 2,048 2008-04-11 15:41:59 C:\WINDOWS\bootstat.dat
    ----a-w 1,388 2008-04-10 16:02:15 C:\WINDOWS\IE4 Error Log.txt
    --sh--r 0 2008-04-11 13:53:34 C:\WINDOWS\ky.sxc
    ----a-w 0 2008-04-07 15:29:05 C:\WINDOWS\nsreg.dat
    ----a-w 1,409 2008-03-26 13:50:22 C:\WINDOWS\QTFont.for
    ---ha-w 54,156 2008-04-11 15:42:16 C:\WINDOWS\QTFont.qfn
    ----a-w 11,664 2008-04-07 18:35:12 C:\WINDOWS\setupapi.log
    ----a-w 0 2008-04-07 18:11:32 C:\WINDOWS\Sti_Trace.log
    ----a-w 227 2008-04-11 13:58:29 C:\WINDOWS\system.ini
    ----a-w 159 2008-04-11 15:42:22 C:\WINDOWS\wiadebug.log
    ----a-w 49 2008-04-11 15:42:20 C:\WINDOWS\wiaservc.log
    ----a-w 599 2008-04-11 13:58:29 C:\WINDOWS\win.ini
    ----a-w 32,401 2008-04-11 15:42:27 C:\WINDOWS\WindowsUpdate.log

    Entries: 14 (11)
    Directories: 0 Files: 14
    Bytes: 104,100 Blocks: 208

    ======C:\WINDOWS\system32=====
    ----a-w 0 2008-04-11 15:42:30 C:\WINDOWS\System32\nmp.log
    ----a-w 40,836 2008-03-30 11:33:29 C:\WINDOWS\System32\perfc009.dat
    ----a-w 54,464 2008-03-30 11:33:29 C:\WINDOWS\System32\perfc013.dat
    ----a-w 314,508 2008-03-30 11:33:29 C:\WINDOWS\System32\perfh009.dat
    ----a-w 367,286 2008-03-30 11:33:29 C:\WINDOWS\System32\perfh013.dat
    ----a-w 784,704 2008-03-30 11:33:29 C:\WINDOWS\System32\PerfStringBackup.INI
    ----a-w 787,789 2008-04-10 15:56:44 C:\WINDOWS\System32\RVAXO.bat
    ----a-w 52 2008-04-11 13:48:58 C:\WINDOWS\System32\svchost.t__
    ----a-w 2,206 2008-04-08 15:02:41 C:\WINDOWS\System32\wpa.dbl
    ----a-w 7,680 2008-04-07 14:39:04 C:\WINDOWS\System32\yrjz463.exe
    ----a-w 14,336 2008-04-07 14:38:34 C:\WINDOWS\System32\yrjz472.exe
    ----a-w 96,360 2008-04-07 17:08:12 C:\WINDOWS\System32\yrjz487.exe
    ----a-w 4,380 2008-04-07 17:08:34 C:\WINDOWS\System32\yrjz491.exe
    ----a-w 233,984 2008-04-07 14:38:23 C:\WINDOWS\System32\yrjz497.exe
    ----a-w 16,336 2008-04-07 14:39:40 C:\WINDOWS\System32\yrjz498.exe
    ----a-w 7,168 2008-04-07 14:39:27 C:\WINDOWS\System32\yrjz501.exe
    ----a-w 32,231 2008-04-11 13:48:53 C:\WINDOWS\System32\yrjz507.exe
    ----a-w 1 2008-04-11 13:48:59 C:\WINDOWS\System32\zzxbkb.tmp

    Entries: 18 (18)
    Directories: 0 Files: 18
    Bytes: 2,764,321 Blocks: 5,406

    ======C:\WINDOWS\system32\drivers=====

    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0

    =======C:\Program Files=====

    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0

    =======C:=====
    ----a-w 65,536 2008-03-27 15:01:18 C:\asusdisp.log
    --sha-r 211 2008-04-11 13:58:29 C:\boot.ini
    ----a-w 545 2008-04-11 13:56:39 C:\firstrun5.log
    --sha-w 1,610,612,736 2008-04-11 15:41:54 C:\pagefile.sys
    ----a-w 680 2008-04-11 13:59:21 C:\RVAXO-results.log
    ----a-w 4,328 2008-04-11 13:59:43 C:\RVAXO-Vfind.log

    Entries: 6 (4)
    Directories: 0 Files: 6
    Bytes: 1,610,684,036 Blocks: 3,145,870

    ======C:\Documents and Settings\Laura R\Application Data======

    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0

    ======C:\Temp======

    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0

    ======C:\Documents and Settings\Laura R======
    ----a-w 3,272,704 2008-04-11 14:05:09 C:\Documents and Settings\Laura R\ntuser.dat
    ---ha-w 61,440 2008-04-11 15:43:17 C:\Documents and Settings\Laura R\ntuser.dat.LOG
    --sh--w 288 2008-04-11 14:05:09 C:\Documents and Settings\Laura R\ntuser.ini

    Entries: 3 (1)
    Directories: 0 Files: 3
    Bytes: 3,334,432 Blocks: 6,513

    ======C:\WINDOWS\Downloaded Program Files====

    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0

    =============
  • Open a Notepad file. Copy the text below (the whole script) into this Notepad file.

    @ECHO OFF
    REM Remove the two rogue services seen in the HijackThis log
    sc delete "Google Online Services"
    sc delete MSSysInterv
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Paths with spaces must be quoted, otherwise FOR splits them into two items
    FOR %%g in (
    C:\WINDOWS\ky.sxc
    C:\WINDOWS\systime
    C:\WINDOWS\systime.exe
    "C:\Program Files\cjb\cjb8.exe"
    C:\WINDOWS\system32\drivers\spools.exe
    "C:\Documents and Settings\Laura R\cftmon.exe"
    C:\WINDOWS\TEMP\winlogan.exe
    C:\WINDOWS\TEMP\load2.exe
    C:\WINDOWS\System32\svchost.t__
    C:\WINDOWS\System32\yrjz463.exe
    C:\WINDOWS\System32\yrjz472.exe
    C:\WINDOWS\System32\yrjz487.exe
    C:\WINDOWS\System32\yrjz491.exe
    C:\WINDOWS\System32\yrjz497.exe
    C:\WINDOWS\System32\yrjz498.exe
    C:\WINDOWS\System32\yrjz501.exe
    C:\WINDOWS\System32\yrjz507.exe
    C:\WINDOWS\System32\zzxbkb.tmp
    ) DO (
        REM Clear a leftover of an earlier run, then strip attributes and delete;
        REM a file that cannot be deleted is renamed so it no longer runs at boot
        DEL /Q %%gHJTNL
        IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *HJTNL
            IF EXIST %%gHJTNL (
                ECHO renamed to %%gHJTNL>>log.txt)
            IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
            ) ELSE (
                ECHO %%g deleted>>log.txt)
        ) ELSE (
            ECHO %%g not found>>log.txt))
    rd /s /q "C:\Program Files\cjb"
    START NOTEPAD.EXE log.txt

    Go to File - Save As. Under "Save in" choose: Desktop. Under "File name" enter: del.bat. Under "Save as type" select: All files (*.*). Click the Save button. Double-click del.bat and post the contents of the logfile that opens.
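The file names in the del.bat above were picked from the zoek.exe listing by eye: a hidden+system file in C:\WINDOWS that Windows itself does not keep there (ky.sxc), a Windows binary name with a non-executable extension (svchost.t__), and a run of yrjz*.exe files written into System32 within the same couple of minutes. The script below is an added example, not part of the thread and not zoek.exe code, that parses listing lines of the form "<attributes> <size> <date> <time> <path>" and applies those three checks. The allowlist of files Windows legitimately marks hidden+system, the set of imitated binary names, the 5-minute burst window and the minimum of 3 files per burst are assumptions for this example; the sample lines are a subset of the zoek.exe log posted above.

```python
"""Triage of a zoek.exe-style file listing (added example, not the tool's own code)."""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<attr>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+)$"
)
# Files Windows itself marks hidden+system; assumed allowlist for this example.
KNOWN_HIDDEN = {"boot.ini", "pagefile.sys", "ntuser.ini", "bootstat.dat"}
EXEC_EXT = {".exe", ".dll", ".cpl", ".sys", ".scr"}
# Names of Windows binaries that a staged copy with an odd extension may imitate (assumed).
SYSTEM_STEMS = {"svchost", "ctfmon", "winlogon", "lsass", "services", "spoolsv", "csrss", "smss"}
FAMILY_RE = re.compile(r"^([a-z]{3,6})\d{2,}\.exe$", re.I)
BURST_WINDOW_S = 300   # executables landing within 5 minutes of each other form one drop
BURST_MIN = 3

# Sample input: a subset of the zoek.exe listing posted in this thread.
SAMPLE_LISTING = r"""
--s-a-w 2,048 2008-04-11 15:41:59 C:\WINDOWS\bootstat.dat
--sh--r 0 2008-04-11 13:53:34 C:\WINDOWS\ky.sxc
----a-w 227 2008-04-11 13:58:29 C:\WINDOWS\system.ini
----a-w 40,836 2008-03-30 11:33:29 C:\WINDOWS\System32\perfc009.dat
----a-w 787,789 2008-04-10 15:56:44 C:\WINDOWS\System32\RVAXO.bat
----a-w 52 2008-04-11 13:48:58 C:\WINDOWS\System32\svchost.t__
----a-w 7,680 2008-04-07 14:39:04 C:\WINDOWS\System32\yrjz463.exe
----a-w 14,336 2008-04-07 14:38:34 C:\WINDOWS\System32\yrjz472.exe
----a-w 96,360 2008-04-07 17:08:12 C:\WINDOWS\System32\yrjz487.exe
----a-w 4,380 2008-04-07 17:08:34 C:\WINDOWS\System32\yrjz491.exe
----a-w 233,984 2008-04-07 14:38:23 C:\WINDOWS\System32\yrjz497.exe
----a-w 16,336 2008-04-07 14:39:40 C:\WINDOWS\System32\yrjz498.exe
----a-w 7,168 2008-04-07 14:39:27 C:\WINDOWS\System32\yrjz501.exe
----a-w 32,231 2008-04-11 13:48:53 C:\WINDOWS\System32\yrjz507.exe
----a-w 1 2008-04-11 13:48:59 C:\WINDOWS\System32\zzxbkb.tmp
--sha-r 211 2008-04-11 13:58:29 C:\boot.ini
--sha-w 1,610,612,736 2008-04-11 15:41:54 C:\pagefile.sys
--sh--w 288 2008-04-11 14:05:09 C:\Documents and Settings\Laura R\ntuser.ini
"""
SAMPLE_LINES = SAMPLE_LISTING.strip().splitlines()


def parse(lines):
    """Turn listing lines into dicts; section headers and summary lines are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        directory, _, name = path.rpartition("\\")
        stem, dot, ext = name.rpartition(".")
        entries.append({
            "attr": m.group("attr"),
            "size": int(m.group("size").replace(",", "")),
            "stamp": datetime.strptime(m.group("stamp"), "%Y-%m-%d %H:%M:%S"),
            "path": path, "dir": directory.lower(), "name": name,
            "stem": stem if dot else name, "ext": ("." + ext).lower() if dot else "",
        })
    return entries


def burst_paths(entries):
    """Paths of executables that arrived in one directory in groups of BURST_MIN or more
    within BURST_WINDOW_S seconds (sliding window over the sorted timestamps)."""
    by_dir = defaultdict(list)
    for e in entries:
        if e["ext"] in EXEC_EXT:
            by_dir[e["dir"]].append(e)
    flagged = set()
    for group in by_dir.values():
        group.sort(key=lambda e: e["stamp"])
        j = 0
        for i in range(len(group)):
            while (group[i]["stamp"] - group[j]["stamp"]).total_seconds() > BURST_WINDOW_S:
                j += 1
            if i - j + 1 >= BURST_MIN:
                flagged.update(e["path"] for e in group[j:i + 1])
    return flagged


def triage(lines):
    """Map each suspicious path to the set of rule names it triggered."""
    entries = parse(lines)
    findings = defaultdict(set)
    bursts = burst_paths(entries)
    families = defaultdict(list)   # (directory, prefix) -> paths such as yrjz463.exe, yrjz472.exe
    for e in entries:
        m = FAMILY_RE.match(e["name"])
        if m:
            families[(e["dir"], m.group(1).lower())].append(e["path"])
    for e in entries:
        attr, name = e["attr"], e["name"].lower()
        if "s" in attr and "h" in attr and name not in KNOWN_HIDDEN:
            findings[e["path"]].add("hidden-system-file")
        if e["stem"].lower() in SYSTEM_STEMS and e["ext"] != ".exe":
            findings[e["path"]].add("system-name-odd-extension")
        if e["path"] in bursts:
            findings[e["path"]].add("drop-burst")
    for (_, prefix), paths in families.items():
        if len(paths) >= 2:
            for p in paths:
                findings[p].add("family-" + prefix)
    return dict(findings)


if __name__ == "__main__":
    for path, rules in sorted(triage(SAMPLE_LINES).items()):
        print(path, "->", ", ".join(sorted(rules)))
```

On the sample it flags ky.sxc, svchost.t__ and all eight yrjz executables, and leaves boot.ini, pagefile.sys, ntuser.ini and the performance-counter files alone; the five yrjz files written between 14:38:23 and 14:39:40 on 2008-04-07 are additionally marked as one drop burst. The burst and family checks are what make this generalise beyond this one log: a dropper that writes a batch of randomly named binaries leaves the same timestamp cluster whatever the names are.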
  • OK, done:

    Deleting files
    C:\WINDOWS\ky.sxc deleted
    C:\WINDOWS\systime not found
    C:\WINDOWS\systime.exe not found
    C:\Program not found
    Files\cjb\cjb8.exe not found
    C:\WINDOWS\system32\drivers\spools.exe not found
    "C:\Documents and Settings\Laura R\cftmon.exe" not found
    renamed to C:\WINDOWS\TEMP\winlogan.exeHJTNL
    C:\WINDOWS\TEMP\winlogan.exe deleted
    renamed to C:\WINDOWS\TEMP\load2.exeHJTNL
    C:\WINDOWS\TEMP\load2.exe deleted
    C:\WINDOWS\System32\svchost.t__ deleted
    C:\WINDOWS\System32\yrjz463.exe deleted
    C:\WINDOWS\System32\yrjz472.exe deleted
    C:\WINDOWS\System32\yrjz487.exe deleted
    C:\WINDOWS\System32\yrjz491.exe deleted
    C:\WINDOWS\System32\yrjz497.exe deleted
    C:\WINDOWS\System32\yrjz498.exe deleted
    C:\WINDOWS\System32\yrjz501.exe deleted
    C:\WINDOWS\System32\yrjz507.exe deleted
    C:\WINDOWS\System32\zzxbkb.tmp deleted
  • Restart your computer. After the restart, double-click del.bat once more.

    Download Deckard's System Scanner (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop.
    - Close all applications and windows.
    - Double-click dss.exe to start it, and follow the instructions.
    - When the scan is complete, a text file - main.txt - will open.
    - Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply, as well as extra.txt.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet - make sure sigcheck.exe is allowed to do so! It can also happen that your antivirus flags DSS as suspicious, or even tries to remove it. Do not let your antivirus remove it! (In that case it may be better to disable your antivirus for the duration of the DSS scan.)
  • Voilà:

    Deckard's System Scanner v20071014.68
    Run by Laura R on 2008-04-11 19:10:26
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --
    25: 2008-04-11 17:10:29 UTC - RP88 - Deckard's System Scanner Restore Point
    24: 2008-04-08 15:01:41 UTC - RP87 - Herstelbewerking
    23: 2008-04-07 18:34:39 UTC - RP86 - Installed ESET Smart Security
    22: 2008-04-07 17:10:07 UTC - RP85 - ComboFix created restore point
    21: 2008-04-07 17:09:58 UTC - RP84 - 7-4

    -- First Restore Point --
    1: 2008-01-28 10:17:25 UTC - RP64 - Installed Windows Media Player 10

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Laura R.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:10, on 2008-04-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\Java\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\iTunes\iTunesHelper.exe
    C:\Program Files\cjb\cjb8.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Laura R\Bureaublad\dss.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\HIJACK~1\Laura R.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {B5AC49A2-94F2-42BD-F434-2604812C897D} - (no file)
    O2 - BHO: (no name) - {B5AF0562-94F3-42BD-F434-2604812C797D} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
    O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\TEMP\load2.exe" /r
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader
Speed Launch.lnk = E:\Acrobat Reader 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Norton Internet Security 2005\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9681 bytes -- HijackThis Fixed Entries (E:\HIJACK~1\backups\) ----------------------------- backup-20080411-155255-189 O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor backup-20080411-155255-399 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) backup-20080411-155255-409 O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing) backup-20080411-155255-492 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no 
file) backup-20080411-155255-584 O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe backup-20080411-155256-173 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) backup-20080411-155256-191 O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll backup-20080411-155256-744 O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.> R2 ACEDRV06 - c:\windows\system32\drivers\acedrv06.sys <Not Verified; Protect Software GmbH; > R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT> R3 snpstd (Trust 120 SpaceCam) - c:\windows\system32\drivers\snpstd.sys <Not Verified; ; PC Camera driver> S3 catchme - c:\docume~1\laurar~1\locals~1\temp\catchme.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service> R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache 
HTTP Server> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: USB-controller Device ID: PCI\VEN_10DE&DEV_03F2&SUBSYS_82341043&REV_A2\3&267A616A&0&11 Manufacturer: Name: USB-controller PNP Device ID: PCI\VEN_10DE&DEV_03F2&SUBSYS_82341043&REV_A2\3&267A616A&0&11 Service: -- Scheduled Tasks ------------------------------------------------------------- 2008-02-01 21:00:20 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Laura R.job -- Files created between 2008-03-11 and 2008-04-11 ----------------------------- 2008-04-11 17:48:20 1212 --a------ C:\WINDOWS\mozver.dat 2008-04-11 17:46:59 0 dr-h----- C:\Documents and Settings\Laura R\Onlangs geopend 2008-04-11 15:59:13 0 d-------- C:\RVAXO 2008-04-11 15:55:30 787789 --a------ C:\WINDOWS\system32\RVAXO.bat 2008-04-11 15:55:30 69632 --a------ C:\WINDOWS\system32\remove.exe 2008-04-10 16:38:57 0 d-------- C:\Program Files\cjb 2008-04-08 17:01:48 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-04-07 20:34:41 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-04-07 20:04:12 0 d-------- C:\RECYCLER(2) 2008-04-07 19:43:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-07 19:39:31 0 dr------- C:\Documents and Settings\LocalService\Favorieten 2008-04-07 19:23:33 0 d-------- C:\ComboFix(2) 2008-04-07 19:10:06 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat 2008-04-07 19:10:06 3272704 --a------ C:\Documents and Settings\Laura R\ntuser.dat 2008-04-07 19:09:41 68096 --a------ C:\WINDOWS\zip.exe 2008-04-07 19:09:41 49152 --a------ C:\WINDOWS\VFind.exe 2008-04-07 19:09:41 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-04-07 19:09:41 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 
2008-04-07 19:09:41 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-04-07 19:09:41 98816 --a------ C:\WINDOWS\sed.exe 2008-04-07 19:09:41 80412 --a------ C:\WINDOWS\grep.exe 2008-04-07 19:09:41 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-04-07 17:31:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-07 17:30:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-07 17:29:05 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-07 17:29:01 0 d-------- C:\Documents and Settings\Laura R\Application Data\Mozilla 2008-04-07 16:39:05 0 d-------- C:\Program Files\iSecurity 2008-03-26 15:48:22 0 d-------- C:\Documents and Settings\Laura R\Application Data\Apple Computer 2008-03-26 15:48:14 0 d-------- C:\Program Files\iPod 2008-03-26 15:47:34 0 d-------- C:\Program Files\Bonjour 2008-03-26 15:46:00 0 d-------- C:\Program Files\Apple Software Update 2008-03-26 15:45:36 0 d-------- C:\Program Files\Common Files\Apple 2008-03-26 15:45:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple -- Find3M Report --------------------------------------------------------------- 2008-04-11 19:10:48 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-04-11 19:09:31 0 d-------- C:\Program Files\Common Files 2008-03-30 13:33:29 367286 --a------ C:\WINDOWS\system32\perfh013.dat 2008-03-30 13:33:29 54464 --a------ C:\WINDOWS\system32\perfc013.dat 2008-03-24 20:18:11 0 d-------- C:\Documents and Settings\Laura R\Application Data\LimeWire -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5AC49A2-94F2-42BD-F434-2604812C897D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5AF0562-94F3-42BD-F434-2604812C797D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41] "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 00:00] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 09:54] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-08 17:03] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-03 16:06] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41] "SunJavaUpdateSched"="E:\Java\bin\jusched.exe" [2007-09-25 02:11] "QuickTime Task"="E:\QuickTime\qttask.exe" [2008-02-01 00:13] "iTunesHelper"="E:\iTunes\iTunesHelper.exe" [2008-02-19 14:10] "cjb"="C:\Program Files\cjb\cjb8.exe" [2008-04-10 16:38] "Hhjg5jfd93dftdf"="C:\WINDOWS\TEMP\winlogan.exe" [] "advap32"="C:\WINDOWS\TEMP\load2.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "Hhjg5jfd93dftdf"="C:\WINDOWS\TEMP\winlogan.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Hhjg5jfd93dftdf"=C:\WINDOWS\TEMP\winlogan.exe C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Speed Launch.lnk - E:\Acrobat Reader 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] Logitech SetPoint.lnk - E:\Logitech\SetPoint\SetPoint.exe [2007-04-27 10:02:02] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background -- End of Deckard's System Scanner: finished at 2008-04-11 19:11:41 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Dutch CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ Percentage of Memory in Use: 40% Physical Memory (total/avail): 1023.29 MiB / 610.13 MiB Pagefile Memory (total/avail): 2461.29 MiB / 2079.99 MiB Virtual Memory (total/avail): 2047.88 MiB / 1943.96 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 9.82 GiB total, 3.89 GiB free. D: is CDROM (No Media) E: is Fixed (NTFS) - 29.31 GiB total, 26.84 GiB free. F: is Fixed (NTFS) - 88.87 GiB total, 66.72 GiB free. G: is CDROM (No Media) \\.\PHYSICALDRIVE0 - Hitachi HDS721616PLA380 - 153.38 GiB - 3 partitions \PARTITION0 (bootable) - Installable File System - 9.82 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 118.18 GiB - E: - F: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. AntiVirusDisableNotify is set. FirewallDisableNotify is set. 
FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation) Disabled FW: Norton Internet Security v2005 (Symantec Corporation) AV: Norton Internet Security v2005 (Symantec Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Laura R\Application Data CLASSPATH=.;E:\Java\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=LAURA ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Laura R LOGONSERVER=\\LAURA NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;E:\QuickTime\QTSystem;E:\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4b02 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=E:\Java\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\LAURAR~1\LOCALS~1\Temp TMP=C:\DOCUME~1\LAURAR~1\LOCALS~1\Temp USERDOMAIN=LAURA USERNAME=Laura R USERPROFILE=C:\Documents and Settings\Laura R windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Laura R (admin) -- Add/Remove Programs --------------------------------------------------------- --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35D8D1B9-DAD1-4505-8A33-78095885CF6B}\Setup.exe" -l0x9 --> rundll32.exe 
setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Ankh --> "F:\Ankh\uninstall.exe" Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly Bejeweled 2 Deluxe --> "F:\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe\GameInstaller.exe" --uninstall UnInstall.log Biologie voor jou Leerlingen-cd-rom 2 Havo Vwo --> C:\WINDOWS\IsUn0413.exe -f"E:\MalmbergBio2\Biologie voor jou Leerlingen-cd-rom 2 Havo Vwo\Uninst.isu" Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} BSPlayer --> "E:\BSplayerPro\uninstall.exe" CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919} ccCommon --> MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D} CCleaner (remove only) --> "E:\CCleaner\uninst.exe" ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917} Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" De Sims 2 --> F:\Sims 2\EAUninstall.exe EPN werkboek-i Getal en Ruimte/1 vmbo-TH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{73DD4189-31AA-4B0C-8C0F-42E6CB13F2C9}\setup.exe" -l0x13 UNINSTALL EPN werkboek-i Getal en Ruimte/2 havo vwo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{720C111C-A61C-4953-A3D7-3589D18D83C0}\setup.exe" -l0x13 UNINSTALL Franconville 2 (t)hv --> E:\Frans2HV\UNWISE.EXE E:\Frans2HV\INSTALL.LOG High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe HijackThis 2.0.2 --> "E:\Hijackthis\HijackThis.exe" /uninstall iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} K-Lite Codec Pack 2.89 Full --> "E:\K-Lite Codec Pack\unins000.exe" LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x13 -removeonly Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Microsoft Office Professional Editie 2003 --> MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9} Mozilla Firefox (2.0.0.13) --> E:\Mozilla Firefox\uninstall\helper.exe MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69} Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519} Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F} Norton AntiVirus 2005 --> MsiExec.exe 
/X{C6F5B6CF-609C-428E-876F-CA83176C021B} Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125} Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B} Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F} Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20} Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555} Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22} Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0} Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4} NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033 QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067} RCT3 Soaked --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\setup.exe" -l0x13 RollerCoaster Tycoon 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x13 SeaWorld Adventure Park Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}\setup.exe" Sfinx 2 vmbo-t/havo --> E:\sfinx\2vmbo-th\UNWISE.EXE E:\sfinx\2vmbo-th\INSTALL.LOG SoundMAX --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x13 -removeonly SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Spybot - Search & Destroy --> "E:\Spybot - Search & Destroy\unins000.exe" Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138} SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe Trust 120 SpaceCam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC2110.txt Van Dale Groot woordenboek hedendaags Nederlands --> C:\WINDOWS\ISUN0413.EXE -f"e:\Van Dale Groot woordenboek\Uninst.isu" -c"e:\Van Dale Groot woordenboek\setupnn.dll" Van Dale Grote woordenboeken Duits --> C:\WINDOWS\ISUN0413.EXE -f"e:\Van Dale Duits\Uninst.isu" -c"e:\Van Dale Duits\setupdnnd.dll" Van Dale Grote woordenboeken Engels --> C:\WINDOWS\ISUN0413.EXE -f"e:\Van Dale Engels\Uninst.isu" -c"e:\Van Dale Engels\setupenne.dll" Van Dale Grote woordenboeken Frans --> C:\WINDOWS\ISUN0413.EXE -f"e:\Van Dale Frans\Uninst.isu" -c"e:\Van Dale Frans\setupfnnf.dll" VU Leerling Bovenbouw EPN --> MsiExec.exe /I{97A80FD4-8EEC-402F-ABFE-8D8A3ACDBE4E} Weet wat je eet --> C:\WINDOWS\IsUn0413.exe -f"C:\Program Files\Voeding1\Uninst.isu" Winamp (remove only) --> "E:\Winamp\UninstWA.exe" Windows Live Messenger --> MsiExec.exe /I{9816B8B8-4B53-4D3D-9235-AD931252001D} WinRAR archiver --> E:\Winrar\uninstall.exe Zoo Tycoon 2 - African Adventure --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CE7062BD-BE6F-4153-9654-3D72D0C1CC17} -- Application Event Log ------------------------------------------------------- Event Record #/Type15519 / Error Event Submitted/Written: 04/10/2008 06:02:33 PM Event ID/Source: 1000 / Application Error Event Description: Vastgelopen toepassing: iexplore.exe, versie: 6.0.2900.2180, vastgelopen 
module: shlwapi.dll, versie: 6.0.2900.2180, vastgelopen op: 0x00007358. Verwerken van mediaspecifieke gebeurtenis voor [iexplore.exe!ws!] Event Record #/Type15502 / Error Event Submitted/Written: 04/10/2008 04:46:32 PM Event ID/Source: 1002 / Application Hang Event Description: Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.2180, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000. Event Record #/Type15474 / Error Event Submitted/Written: 04/09/2008 04:40:32 PM Event ID/Source: 1002 / Application Hang Event Description: Vastgelopen toepassing: msnmsgr.exe, versie: 8.1.178.0, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000. Event Record #/Type15468 / Success Event Submitted/Written: 04/09/2008 04:38:59 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type15444 / Error Event Submitted/Written: 04/09/2008 03:09:21 PM Event ID/Source: 1000 / Windows Live Messenger Event Description: msnmsgr.exe8.1.178.045b12d6amshtml.dll6.0.2900.21804110987800012be92 -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type20119 / Warning Event Submitted/Written: 04/11/2008 07:09:22 PM Event ID/Source: 1003 / Dhcp Event Description: Deze computer kan het netwerkadres niet vernieuwen (van de DHCP- server) voor de netwerkkaart met netwerkadres 0018F3B0A1F1. De volgende fout is opgetreden: %%1223. De computer zal doorgaan om zelf een adres van de netwerkadresserver (DHCP-server) proberen te krijgen. Event Record #/Type20114 / Error Event Submitted/Written: 04/11/2008 07:02:13 PM Event ID/Source: 7023 / Service Control Manager Event Description: De Computer Browser-service is gestopt met de volgende foutcode: %%1460. 
Event Record #/Type20084 / Warning Event Submitted/Written: 04/11/2008 06:56:53 PM Event ID/Source: 1003 / Dhcp Event Description: Deze computer kan het netwerkadres niet vernieuwen (van de DHCP- server) voor de netwerkkaart met netwerkadres 0018F3B0A1F1. De volgende fout is opgetreden: %%1223. De computer zal doorgaan om zelf een adres van de netwerkadresserver (DHCP-server) proberen te krijgen. Event Record #/Type20079 / Error Event Submitted/Written: 04/11/2008 05:47:22 PM Event ID/Source: 7023 / Service Control Manager Event Description: De Computer Browser-service is gestopt met de volgende foutcode: %%1460. Event Record #/Type20045 / Error Event Submitted/Written: 04/11/2008 04:04:26 PM Event ID/Source: 7023 / Service Control Manager Event Description: De Computer Browser-service is gestopt met de volgende foutcode: %%1460. -- End of Deckard's System Scanner: finished at 2008-04-11 19:11:41 ------------
  • Open a Notepad file. Copy the script below (the whole block) into this Notepad file.

    @ECHO OFF
    REM Start a fresh log for this run
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM For each malware folder: strip its attributes and remove it; if it survives
    REM (e.g. a file inside is still running) rename what is left so it cannot run
    FOR %%g in ("C:\Program Files\iSecurity" "C:\Program Files\cjb") DO (
        IF EXIST %%g (
            ATTRIB -r -s -h %%g
            RD /S /Q %%g
            ATTRIB -r -s -h "%%~g\*.*"
            REN "%%~g\*.*" *.HJTNL
            IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
            ) ELSE (
                ECHO %%g deleted>>log.txt
            )
        ) ELSE (
            ECHO %%g not found>>log.txt
        )
    )
    START NOTEPAD.EXE log.txt

    Go to File - Save As. Under "Save in" choose: Desktop. Under "File name" enter: del.bat. Under "Save as type" select: All files (*.*). Click the Save button. Double-click del.bat and post the contents of the log file that opens.
  • Deleting files
    "C:\Program Files\iSecurity" deleted
    "C:\Program Files\cjb" not deleted

    Voila :D
  • Start HijackThis and tick only the following lines:

    O2 - BHO: (no name) - {B5AC49A2-94F2-42BD-F434-2604812C897D} - (no file)
    O2 - BHO: (no name) - {B5AF0562-94F3-42BD-F434-2604812C797D} - (no file)
    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
    O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\TEMP\load2.exe" /r
    O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe

    Close all open windows (except HijackThis) and click the "Fix checked" button. Restart the computer. After the restart, post a new HijackThis log :) Double-click the last del.bat once more and post that log too.
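The entries the helper singled out above share two mechanical tell-tales: an O2 BHO that still has a CLSID but points at "(no file)", and O4 Run-key entries whose executable lives in a TEMP directory or in a directory already identified as part of the infection. The Python script below is an added example, not code from this thread or from HijackThis; it parses HijackThis-style O2/O4 lines and reports exactly those findings. The sample lines are constructed from entries quoted in this thread, and the default known-bad directory list (C:\Program Files\cjb and C:\Program Files\iSecurity, taken from the helper's del.bat) is a hypothetical default that an analyst would normally supply.

```python
import re
from typing import Dict, List, Optional, Sequence

# Constructed sample, built from the O2/O4 entries quoted in this thread
# (a few benign lines mixed with the ones the helper told the poster to fix).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B5AC49A2-94F2-42BD-F434-2604812C897D} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\TEMP\load2.exe" /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking token of a command line, optionally opened by a quote.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|com|scr|bat|cmd))\b', re.IGNORECASE)

# Hypothetical default: the directories the helper's del.bat targets in this thread.
DEFAULT_KNOWN_BAD_DIRS: Sequence[str] = (r"C:\Program Files\cjb", r"C:\Program Files\iSecurity")


def executable_from_command(cmd: str) -> str:
    """Return the program part of a Run-key command line.

    Handles both the quoted form (path in double quotes followed by flags) and the
    unquoted form with spaces in the path by cutting at the first executable-looking
    extension. For rundll32-style commands this yields rundll32 itself, not the DLL.
    """
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe")
    parts = cmd.split()
    return parts[0] if parts else ""


def is_in_temp_dir(path: str) -> bool:
    """True when the executable lives in a temp directory, where no legitimate autostart belongs."""
    lowered = path.lower()
    return any(marker in lowered for marker in ("\\temp\\", "\\tmp\\"))


def is_in_known_bad_dir(path: str, known_bad_dirs: Sequence[str]) -> bool:
    """True when the executable sits inside one of the analyst-supplied infection directories."""
    lowered = path.lower()
    return any(lowered.startswith(d.lower().rstrip("\\") + "\\") for d in known_bad_dirs)


def triage_line(line: str, known_bad_dirs: Sequence[str]) -> Optional[Dict[str, str]]:
    """Classify one HijackThis line; return a finding dict, or None if it looks benign."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        # A BHO that is still registered but whose DLL is gone is the classic
        # leftover of a removed infection; fixing it has no side effects.
        if m.group("path").strip().lower() == "(no file)":
            return {"item": m.group("clsid"), "reason": "bho_no_file", "line": line}
        return None
    m = O4_RE.match(line)
    if m:
        exe = executable_from_command(m.group("cmd"))
        if is_in_known_bad_dir(exe, known_bad_dirs):
            return {"item": m.group("value"), "reason": "known_bad_dir", "line": line}
        if is_in_temp_dir(exe):
            return {"item": m.group("value"), "reason": "temp_dir", "line": line}
    return None


def triage(log_text: str, known_bad_dirs: Sequence[str] = DEFAULT_KNOWN_BAD_DIRS) -> List[Dict[str, str]]:
    """Run triage_line over every line of a log and collect the findings in log order."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        finding = triage_line(line, known_bad_dirs)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']:<14} {f['item']:<40} {f['line']}")
```

Run it directly to print the four suspicious entries from the sample; `triage()` returns them as a list so a larger log parser can feed the result into a fix list. The TEMP heuristic deliberately keys on the directory rather than on file names such as winlogan.exe, because the names in this family are random while the location is not.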
  • Deleting files
    "C:\Program Files\iSecurity" not found
    "C:\Program Files\cjb" deleted

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53, on 2008-04-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\Java\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    E:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Acrobat Reader 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Norton Internet Security 2005\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9260 bytes

    Already a bit cleaner? :P
  • This one is still there:

    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe

    You can still remove that with HijackThis ;)

    Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) (mirror: http://www.majorgeeks.com/ATF_Cleaner_d4949.html) (made by Atribune).
    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.
    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.
    Do the following if you also have Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick at "Firefox saved passwords"). Click the Empty Selected button.
    Do the following if you also have Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Disable System Restore. Restart the computer. Enable System Restore again. See here for how to disable System Restore: http://users.pandora.be/marcvn/spyware/1852808.htm. This removes any leftovers of the infections from your System Restore.

    Then let me know whether you still have any problems :)

    P.S. I'm going offline for a few hours; I'll have another look at your topic later tonight ;)
  • O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe I have removed; after a new scan it is no longer listed either. With ATF Cleaner I can't get to the "Firefox" tab, though; it is greyed out/pressed. Turning System Restore off and on I have also done. Beyond that I (well, my sister ;)) have no more problems at all :D
  • That is good news :D
  • Haha, indeed :D Now I can finally (safely) throw Norton out and install ESET Smart Security. Thanks a lot for the help!
