Vraag & Antwoord

Beveiliging & privacy

HijackThis

4 antwoorden
  • Ik hoop. dat iemand mij wil helpen. Regel O20 - AppInit_DLLs: tisqetyu.dll,zxmshwin.dll,rijxckin.dll,arjrller.dll,jlgejgei32fg.dll in onderstaande log bevalt me allerminst. HighJackThis kan de bestanden niet verwijderen. Daarnaast werkt mijn taskmanager niet meer, net zo min als systeemherstel. Ik weet niet wat er allemaal aan de hand is. Wie heeft een suggestie? Daarnaast heb ik nog een andere vraag over een nieuwe versie van windows die ik heb aangeschaft. Kan ik die zo over de oude heen schrijven? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:19:50, on 21-9-2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Creative\TaskBar\CTLTray.exe C:\Program Files\Creative\TaskBar\CTLTask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe" O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user') O4 - Global Startup: Adapter Utility.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0 O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} (DevalVR Control) - http://www.devalvr.com/instalacion/plugin/devalocx.cab O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://195.73.15.148:82/activex/AMC.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d5c1368831c9a595.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://209.226.48.74:82/activex/AMC.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/xupload/XUpload.ocx O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68 O20 - AppInit_DLLs: tisqetyu.dll,zxmshwin.dll,rijxckin.dll,arjrller.dll,jlgejgei32fg.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing) O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe -- End of file - 14087 bytes
  • Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd: [b:b7923b4dea]O20 - AppInit_DLLs: tisqetyu.dll,zxmshwin.dll,rijxckin.dll,arjrller.dll,jlgejgei32fg.dll O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)[/b:b7923b4dea] Klik op 'Fix checked' om de items te verwijderen. Verwijder volgende vetgedrukt bestand (indien nog te vinden) via Windows Verkenner C:\WINDOWS\SYSTEM32\[b:b7923b4dea]RUNDLLFROMWIN2000.EXE[/b:b7923b4dea] Mogelijk moet je dit ook eerst uitschakelen bij je services. Lukt dit niet in gewone modus, probeer het dan opnieuw in veilige modus. Download [b:b7923b4dea]MBAM (Malwarebytes' Anti-Malware)[/b:b7923b4dea] hier : http://www.besttechie.net/tools/mbam-setup.exe Dubbelklik op mbam-setup.exe om het programma te installeren. Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien". Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden. Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan. Het scannen kan een tijdje duren, dus wees geduldig. Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien. Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde. Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder) De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM. Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart. Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.
  • Hi Kape, Bedankt dat je wilde reageren. Ik heb handmatig de bestanden van het eerste HijackThis logje in regel 020 moeten verwijderen. Het bestand in O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing) is niet te verwijderen, maar ook niet te vinden. Daarna heb ik je overige instructies opgevolgd. Taskmanager en Systeemherstel werken nog steeds niet. Hier zijn de logjes Malwarebytes' Anti-Malware 1.28 Database versie: 1194 Windows 5.1.2600 22-9-2008 22:03:37 mbam-log-2008-09-22 (22-03-37).txt Scan type: Snelle Scan Objecten gescand: 231593 Verstreken tijd: 1 hour(s), 31 minute(s), 2 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 17 Registersleutels geïnfecteerd: 28 Registerwaarden geïnfecteerd: 20 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 21 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: C:\WINDOWS\Fonts\oohxfbyt.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\zywmjime.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ypcqihlp.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ptjhfhlp.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ozfygbyt.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\akjsgkaq.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ietzepaq.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\mndhhdwd.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\detxfiua.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\zptlesys.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\zycbeime.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\lopdfeab.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\yxcsehlp.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ypdjibmp.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\zywleime.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\mpwdgapi.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\aekdaolf.dll (Spyware.OnlineGames) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{7b1aef69-ddae-fdad-dcab-698f026abdb7} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a319a1f1-9410-9654-3201-345ffa34913a} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a0af1289-f140-a140-d012-c1458759fc0a} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{628df602-9541-a985-210a-984a698c6f26} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7a069845-2036-6084-9054-6087502480a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7a908760-8000-4000-a000-9000322145a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{59109876-7619-9101-7012-901938475195} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8c648541-1025-9650-9057-6541258720c8} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{60618412-c528-c784-c056-c164d1f7c506} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{70940f85-f015-14f1-a05f-f69858ac6d07} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5a698102-5904-afd0-20df-cd1a65829ca5} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c629ff4f-acdb-5c90-a098-facb3456a26c} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{55671234-7890-abcd-cdef-567801237655} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b1954fac-1023-154f-895a-1458258ad81b} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{57a924af-1a5f-cf21-ab1d-1d5cf82a8a75} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{75694105-5108-9405-3695-954187462157} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{10658451-2036-6541-2068-698745214601} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} (Adware.NetOptimizer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} (Adware.NetOptimizer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9895933-6636-4281-bc58-ee6de2af96e3} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7b1aef69-ddae-fdad-dcab-698f026abdb7} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a319a1f1-9410-9654-3201-345ffa34913a} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a0af1289-f140-a140-d012-c1458759fc0a} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{628df602-9541-a985-210a-984a698c6f26} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7a069845-2036-6084-9054-6087502480a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7a908760-8000-4000-a000-9000322145a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{59109876-7619-9101-7012-901938475195} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8c648541-1025-9650-9057-6541258720c8} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{60618412-c528-c784-c056-c164d1f7c506} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{70940f85-f015-14f1-a05f-f69858ac6d07} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5a698102-5904-afd0-20df-cd1a65829ca5} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c629ff4f-acdb-5c90-a098-facb3456a26c} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55671234-7890-abcd-cdef-567801237655} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b1954fac-1023-154f-895a-1458258ad81b} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57a924af-1a5f-cf21-ab1d-1d5cf82a8a75} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{75694105-5108-9405-3695-954187462157} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{10658451-2036-6541-2068-698745214601} (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\Fonts\oohxfbyt.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\zywmjime.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ypcqihlp.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ptjhfhlp.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ozfygbyt.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\akjsgkaq.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ietzepaq.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\mndhhdwd.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\detxfiua.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\zptlesys.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\zycbeime.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\lopdfeab.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\yxcsehlp.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\ypdjibmp.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\zywleime.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\mpwdgapi.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\Fonts\aekdaolf.dll (Spyware.OnlineGames) -> Delete on reboot. C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\AppCert\prx66f.bak (Trojan.Downloader) -> Quarantined and deleted successfully. C:\install.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Elize\Favorieten\adult sites\Hardcore\yvon's training.lnk (Adware.SurfAssistant) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:15:19, on 22-9-2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Creative\TaskBar\CTLTray.exe C:\Program Files\Creative\TaskBar\CTLTask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe" O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user') O4 - Global Startup: Adapter Utility.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0 O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} (DevalVR Control) - http://www.devalvr.com/instalacion/plugin/devalocx.cab O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://195.73.15.148:82/activex/AMC.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d5c1368831c9a595.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://209.226.48.74:82/activex/AMC.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/xupload/XUpload.ocx O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing) O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe -- End of file - 13827 bytes
  • Download Combofix hier http://download.bleepingcomputer.com/sUBs/ComboFix.exe en zet het op je Bureaublad. Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate. Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen. Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen. Indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen! Hang het log van Combofix aan je volgende bericht.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.