Help! I think I have a worm + HijackThis log

dewit
52 replies
  • Hi everyone,
    I'm afraid I've been infected by a worm or something similar.
    I think my e-mail program has sent an enormous number of e-mails,
    which my virus scanner (fortunately) does not deliver because they are infected.

    I have run a virus scanner, Ad-Aware, Spybot and CCleaner, but the problem remains.

    Do you have a solution, please?
    Our HijackThis log is below.

    Thanks very much in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 13:02:11, on 16-12-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Documents and Settings\De Wit\Mijn documenten\Picasa2\PicasaMediaDetector.exe
    D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {F1F27AA3-0D74-96BB-5849-4BA67145ECAF} - ATLIEHELPER.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Documents and Settings\De Wit\Mijn documenten\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [dmkut.exe] C:\WINDOWS\system32\dmkut.exe
    O4 - HKLM\..\Run: [ssweeper] atl_helper.exe
    O4 - HKLM\..\Run: [StartCpl] ActionScr.exe
    O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
    O4 - HKCU\..\Run: [bnui] WinInitDll.exe
    O4 - HKCU\..\Run: [InpriseMon] forces_elite.exe
    O4 - HKCU\..\Run: [KeywordFinder] MsNetHelper.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD7A27C-BC61-45F4-AA71-DDE9A00AA13A}: NameServer = 85.255.115.109,85.255.112.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9439C6-2E22-40B9-9264-51FAC682EC1B}: NameServer = 85.255.115.109,85.255.112.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EB6F838D-3B58-4851-A720-E98DE56F6312}: NameServer = 85.255.115.109,85.255.112.129
    O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



  • Print these instructions, because you will need to restart the computer during this fix.
    Download FixWareout from one of these locations:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe
    Place it on the desktop and run it.
    Click "Next", then "Install".
    Make sure "Run Fixit" is checked and then click "Finish".
    Follow the on-screen instructions.
    If you are asked to restart the computer, do so.
    It will take a little longer than usual for the computer to finish starting up. This is normal.
    When the computer restarts, follow the on-screen instructions.
    When HijackThis opens, click "Scan" and then check the following entries to fix:
    R3 - URLSearchHook: (no name) - {F1F27AA3-0D74-96BB-5849-4BA67145ECAF} - ATLIEHELPER.dll (file missing)
    O4 - HKLM\..\Run: [dmkut.exe] C:\WINDOWS\system32\dmkut.exe
    O4 - HKLM\..\Run: [ssweeper] atl_helper.exe
    O4 - HKLM\..\Run: [StartCpl] ActionScr.exe
    O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
    O4 - HKCU\..\Run: [bnui] WinInitDll.exe
    O4 - HKCU\..\Run: [InpriseMon] forces_elite.exe
    O4 - HKCU\..\Run: [KeywordFinder] MsNetHelper.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD7A27C-BC61-45F4-AA71-DDE9A00AA13A}: NameServer = 85.255.115.109,85.255.112.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9439C6-2E22-40B9-9264-51FAC682EC1B}: NameServer = 85.255.115.109,85.255.112.129
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EB6F838D-3B58-4851-A720-E98DE56F6312}: NameServer = 85.255.115.109,85.255.112.129
    O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
    Then click "Fix Checked".
    Close HijackThis and click the "Proceed" button.

    Go to the Control Panel and click "Network Connections". Right-click your default connection and choose "Properties".
    Click the "General" tab and double-click "Internet Protocol (TCP/IP)". Select "Obtain DNS server address automatically".

    Restart the computer.

    Find the file c\fixwareout\report.txt and post the contents of this file.
    Create a new HijackThis log and post it.
  • The contents of c\fixwareout\report.txt

    Fixwareout ver 1.003
    Last edited 12/5/2005
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Search by size and names…

    »»»»» Misc files

    »»»»» Checking for older varients covered by the Rem3 tool


    The new HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 17:49:54, on 16-12-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    We could not find 04 - HKLM\..\Run: [UnSpyPC] "C:\program Files \ UnspyPC\UnspyPC.exe" when removing.
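
Added example, not part of the original thread: a small Python check that compares the log taken before the fix with the one taken after it against the list of entries selected for fixing, and lists any static DNS servers set under O17. The sample lines are a constructed subset of the logs above; the function names and the wrong-hive line in `FIX_LIST` are assumptions for illustration.

```python
import re

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")   # "O4 - ...", "R3 - ..."
O17_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")

# Constructed sample: a subset of the lines of the first log in the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {F1F27AA3-0D74-96BB-5849-4BA67145ECAF} - ATLIEHELPER.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dmkut.exe] C:\WINDOWS\system32\dmkut.exe
O4 - HKCU\..\Run: [bnui] WinInitDll.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD7A27C-BC61-45F4-AA71-DDE9A00AA13A}: NameServer = 85.255.115.109,85.255.112.129
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Constructed sample: the matching subset of the second log (after the fix).
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Entries selected for fixing (subset of the list in the thread).
FIX_LIST = [
    r"R3 - URLSearchHook: (no name) - {F1F27AA3-0D74-96BB-5849-4BA67145ECAF} - ATLIEHELPER.dll (file missing)",
    r"O4 - HKLM\..\Run: [dmkut.exe] C:\WINDOWS\system32\dmkut.exe",
    r"O4 - HKCU\..\Run: [bnui] WinInitDll.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{8FD7A27C-BC61-45F4-AA71-DDE9A00AA13A}: NameServer = 85.255.115.109,85.255.112.129",
    r"O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll",
    # Constructed line: same value name under the other hive, to show how a
    # fix-list entry that never matched the original log is reported.
    r"O4 - HKLM\..\Run: [bnui] WinInitDll.exe",
]


def parse_log(text):
    """Return [(section, detail)] for entry lines; the header and the
    running-process list do not match the 'Xn - ' prefix and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def index(text):
    """Map a whitespace- and case-normalised key to the entry as written."""
    return {f"{s} - {' '.join(d.split())}".casefold(): f"{s} - {d}"
            for s, d in parse_log(text)}


def verify_fix(before_text, after_text, fix_lines):
    """Classify every fix-list entry and list entries that are new in 'after'."""
    before, after = index(before_text), index(after_text)
    report = {"removed": [], "still_present": [], "not_in_before": []}
    for key, line in index("\n".join(fix_lines)).items():
        if key not in before:
            report["not_in_before"].append(line)   # typo or wrong hive
        elif key in after:
            report["still_present"].append(line)   # fix did not stick
        else:
            report["removed"].append(line)
    report["new_entries"] = [after[k] for k in after if k not in before]
    return report


def static_dns(text):
    """Return {interface GUID: [DNS server, ...]} from O17 NameServer entries."""
    servers = {}
    for section, detail in parse_log(text):
        m = O17_RE.search(detail) if section == "O17" else None
        if m:
            servers[m.group(1).upper()] = [
                ip for ip in re.split(r"[,\s]+", m.group(2)) if ip]
    return servers


if __name__ == "__main__":
    for bucket, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{bucket}:")
        for line in lines:
            print("   ", line)
    print("static DNS before:", static_dns(BEFORE))
    print("static DNS after: ", static_dns(AFTER))
```

An empty `still_present` list and an empty `static_dns` result for the second log only show that the listed autostart and DNS entries are gone from the registry; they say nothing about files or processes that HijackThis does not list.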




  • Looks OK to me.
    Are there still any problems?
  • :S it looks like e-mails are still being sent.
    So the worm must still be in there :(
    We had read that a new variant of that Bagle worm is going around, but we can't find any programs or the like yet that remove the worm.

    In the meantime we have also scanned with Panda online, but so far no result…
  • I thought it was gone.
    Could you post a HijackThis log?
  • Logfile of HijackThis v1.99.1
    Scan saved at 19:31:35, on 16-12-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



  • The log looks OK to me. Is the problem still there?
  • Yes, unfortunately…
    This AVG message appears. Later it also shows addresses that it appears to be sending to.

    Image: http://zfc-zaandijk.nl/melding.JPG
  • Create a new folder on your desktop. Name it sysclean.
    Go to http://www.trendmicro.com/download/dcs.asp and download the "sysclean package".
    Place it in the sysclean folder on your desktop.
    Go to http://www.trendmicro.com/download/pattern.asp and download the "Virus Pattern File (Official Pattern Release)" to your desktop.
    This file is called lptXXX.zip, where XXX stands for the version.
    Unzip lptXXX.zip and you get a file called lpt$vpn.XXX.
    Move lpt$vpn.XXX to the sysclean folder on your desktop.
    Start the computer in safe mode (without networking).
    Open the sysclean folder on your desktop and double-click sysclean.com.
    Check "Automatically clean or delete detected files".
    Click "Scan".
    When the scan is finished, a log is created in the sysclean folder.
    Start the computer in normal mode and post this log.
    Create a new HijackThis log and post it.
    Let us know what the situation is.
  • The log:


    /--------------------------------------------------------------\
    |                 Trend Micro Sysclean Package                 |
    |              Copyright 2002, Trend Micro, Inc.               |
    |                  http://www.trendmicro.com                   |
    \--------------------------------------------------------------/


    2005-12-17, 12:35:05, Auto-clean mode specified.
    2005-12-17, 12:35:05, Running scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\TSC.BIN"…
    2005-12-17, 12:38:09, Scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\TSC.BIN" has finished running.
    2005-12-17, 12:38:09, TSC Log:

    Damage Cleanup Engine (DCE) 3.9(Build 1020)
    Windows XP(Build 2600: Service Pack 2)

    Start time : za dec 17 2005 12:35:05

    Load Damage Cleanup Template (DCT) "C:\Documents and Settings\De Wit\Bureaublad\sysclean\tsc.ptn" (version 688) [success]

    Complete time : za dec 17 2005 12:38:09
    Execute pattern count(4590), Virus found count(0), Virus clean count(0), Clean failed count(0)

    2005-12-17, 13:29:12, An error occurred while scanning file "C:\Documents and Settings\De Wit\NTUSER.DAT": Toegang geweigerd.
    2005-12-17, 13:29:12, An error occurred while scanning file "C:\Documents and Settings\De Wit\ntuser.dat.LOG": Toegang geweigerd.
    2005-12-17, 14:13:32, An error occurred while scanning file "C:\Documents and Settings\De Wit\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Toegang geweigerd.
    2005-12-17, 14:13:32, An error occurred while scanning file "C:\Documents and Settings\De Wit\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Toegang geweigerd.
    2005-12-17, 15:04:02, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Toegang geweigerd.
    2005-12-17, 15:04:02, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Toegang geweigerd.
    2005-12-17, 15:04:02, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Toegang geweigerd.
    2005-12-17, 15:04:02, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Toegang geweigerd.
    2005-12-17, 16:29:09, Could not set file for reading on "C:\Program Files\Webroot\Spy Sweeper\Quarantine\cx3sa[1].ssq": Toegang geweigerd.
    2005-12-17, 16:31:09, An error was detected on "C:\System Volume Information\*.*": Toegang geweigerd.
    2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-20C463C1.pf": Toegang geweigerd.
    2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-0B387BE8.pf": Toegang geweigerd.
    2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\AGE3.EXE-203E5D99.pf": Toegang geweigerd.
    2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\AGE3.EXE-2AF981FD.pf": Toegang geweigerd.
    2005-12-17, 16:38:47, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTOPATCHER.EXE-29F33733.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTORUN.EXE-08A9DED1.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGEMC.EXE-361B4758.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-00A2F684.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\BEARSHARE.EXE-35739D34.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CCLEANER.EXE-09CFC2BC.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CHKTRUST.EXE-08E53633.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANMGR.EXE-1F86EA8E.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\CWSHREDDER.EXE-2A5C78F3.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DCSETUP.EXE-055EF2F9.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DW15.EXE-14986EB8.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\DXDIAG.EXE-220E128D.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\EBU3.EXE-3272066A.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\EXCEL.EXE-1C75F8D6.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\FLMODMANAGER.EXE-175C1199.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\FREELANCER.EXE-33C1BB1C.pf": Toegang geweigerd.
    2005-12-17, 16:38:48, Could not set file for reading on "C:\WINDOWS\Prefetch\GOOGLEEARTH.EXE-038E3B0E.pf": Toegang geweigerd.
    2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\W?nSxS\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
    2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\?ppPatch\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
    2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\??curity\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
    2005-12-17, 16:45:25, Running scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN"…
    2005-12-17, 18:12:39, Files Detected:
    Copyright © 1990 - 2004 Trend Micro Inc.
    Report Date : 12/17/2005 16:45:26
    VSAPI Engine Version : 7.510-1002
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
    Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

    179027 files have been read.
    179027 files have been checked.
    164284 files have been scanned.
    310057 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 12/17/2005 18:12:39
    ———*———*———*———*———*———*———*———*
    2005-12-17, 18:12:39, Files Clean:
    Copyright © 1990 - 2004 Trend Micro Inc.
    Report Date : 12/17/2005 16:45:25
    VSAPI Engine Version : 7.510-1002
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
    Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

    179027 files have been read.
    179027 files have been checked.
    164284 files have been scanned.
    310057 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 12/17/2005 18:12:39 1 hour 27 minutes 8 seconds (5227.89 seconds) has elapsed.

    ———*———*———*———*———*———*———*———*
    2005-12-17, 18:12:39, Clean Fail:
    Copyright © 1990 - 2004 Trend Micro Inc.
    Report Date : 12/17/2005 16:45:25
    VSAPI Engine Version : 7.510-1002
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
    Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

    179027 files have been read.
    179027 files have been checked.
    164284 files have been scanned.
    310057 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 12/17/2005 18:12:39 1 hour 27 minutes 8 seconds (5227.89 seconds) has elapsed.

    ———*———*———*———*———*———*———*———*
    2005-12-17, 18:12:39, Scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN" has finished running.
    2005-12-17, 19:57:32, An error was detected on "D:\System Volume Information\*.*": Toegang geweigerd.
    2005-12-17, 19:58:30, Running scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN"…
    2005-12-17, 20:23:51, Files Detected:
    Copyright © 1990 - 2004 Trend Micro Inc.
    Report Date : 12/17/2005 19:58:30
    VSAPI Engine Version : 7.510-1002
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
    Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

    57025 files have been read.
    57025 files have been checked.
    49788 files have been scanned.
    56775 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 12/17/2005 20:23:51
    ———*———*———*———*———*———*———*———*
    2005-12-17, 20:23:51, Files Clean:
    Copyright © 1990 - 2004 Trend Micro Inc.
    Report Date : 12/17/2005 19:58:30
    VSAPI Engine Version : 7.510-1002
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
    Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

    57025 files have been read.
    57025 files have been checked.
    49788 files have been scanned.
    56775 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 12/17/2005 20:23:51 25 minutes 15 seconds (1515.09 seconds) has elapsed.

    ———*———*———*———*———*———*———*———*
    2005-12-17, 20:23:51, Clean Fail:
    Copyright © 1990 - 2004 Trend Micro Inc.
    Report Date : 12/17/2005 19:58:30
    VSAPI Engine Version : 7.510-1002
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 111 (115807 Patterns) (2005/12/15) (311100)
    Command Line: C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\De Wit\Bureaublad\sysclean

    57025 files have been read.
    57025 files have been checked.
    49788 files have been scanned.
    56775 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 12/17/2005 20:23:51 25 minutes 15 seconds (1515.09 seconds) has elapsed.

    ———*———*———*———*———*———*———*———*
    2005-12-17, 20:23:51, Scanner "C:\Documents and Settings\De Wit\Bureaublad\sysclean\VSCANTM.BIN" has finished running.

    and the problem has still not been resolved

    unfortunately :cry:

  • This is what worries me:
    2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\W?nSxS\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
    2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\?ppPatch\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
    2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\??curity\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.

    See whether you can find these folders. The question marks will have been replaced by a letter of our alphabet (this is only appearance).
    The culprit is probably hidden in there.
    Let me know what those folders are called and which files you find there.
    You may have to try this in safe mode.
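The check suggested in the post above, as an added example that is not part of the original thread: it finds scanner log paths where a `?` masks a character in an otherwise familiar Windows folder name, and flags directory names that only look like those folders. The homoglyph table and the sample directory listing are constructed assumptions; the thread never says which characters were actually used.

```python
import re
import unicodedata

# Folder names the thread says belong under C:\WINDOWS, not under system32.
KNOWN_NAMES = ["WinSxS", "AppPatch", "security"]

# Constructed look-alike table (assumption): Cyrillic letters that render
# like Latin ones. A production check would use the full Unicode
# confusables data instead of this short list.
HOMOGLYPHS = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0456": "i", "\u0455": "s", "\u0445": "x",
    "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0406": "I", "\u0405": "S",
})

LOG_PATH = re.compile(r'An error was detected on "([^"]+)"')

# The three log lines discussed in the thread plus one ordinary
# access-denied line from the same log.
SAMPLE_LOG = [
    r'2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\W?nSxS\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.',
    r'2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\?ppPatch\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.',
    r'2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\??curity\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.',
    r'2005-12-17, 19:57:32, An error was detected on "D:\System Volume Information\*.*": Toegang geweigerd.',
]

# Constructed directory listing (assumption) with three spoofed names.
SAMPLE_DIRS = ["W\u0456nSxS", "\u0410ppPatch", "\u0455\u0435curity",
               "drivers", "WinSxS"]


def masked_lookalikes(log_lines, known=KNOWN_NAMES):
    """Return (component, known_name) pairs where the scanner printed '?'
    for a character it could not represent and the rest of the path
    component matches a known folder name."""
    hits = []
    for line in log_lines:
        match = LOG_PATH.search(line)
        if not match:
            continue
        for part in match.group(1).split("\\"):
            if "?" not in part:
                continue
            # Each '?' stands for exactly one unrepresentable character.
            pattern = re.compile(
                "".join("." if ch == "?" else re.escape(ch) for ch in part),
                re.IGNORECASE,
            )
            hits.extend((part, name) for name in known
                        if pattern.fullmatch(name))
    return hits


def spoofed_names(dir_names, known=KNOWN_NAMES):
    """Return (actual_name, imitated_name) for directory names that contain
    non-ASCII characters yet fold to a known folder name."""
    folded = {name.casefold(): name for name in known}
    flagged = []
    for name in dir_names:
        if name.isascii():
            continue  # a genuine ASCII name cannot be a homoglyph spoof
        skeleton = unicodedata.normalize("NFKC", name).translate(HOMOGLYPHS)
        target = folded.get(skeleton.casefold())
        if target:
            flagged.append((name, target))
    return flagged


if __name__ == "__main__":
    for part, name in masked_lookalikes(SAMPLE_LOG):
        print(f"log component {part!r} imitates {name!r}")
    for actual, name in spoofed_names(SAMPLE_DIRS):
        print(f"directory {actual!r} imitates {name!r}")
```
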
  • Viewed in safe mode:

    2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\W?nSxS\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
    Folder: Winsxs, read-only and otherwise empty.

    2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\?ppPatch\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
    Folder: appPatch. Read-only folder. It contains winword.exe as a hidden file. The file is 392 kb

    2005-12-17, 16:45:16, An error was detected on "C:\WINDOWS\system32\??curity\*.*": De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist.
    Folder: security. Read-only folder and empty.
  • I can't place these folders in the system32 folder (I can in the Windows folder).
    Can you try something?
    Open the system32 folder, right-click and choose New - New folder.
    Name this folder Security.
    Try this for Winsxs and for AppPatch as well.

    Let me know whether this works without any message that the folder already exists.
  • The folders can be created without any problems.
  • I thought that would work.

    Try to delete those other folders. Do this in safe mode.
    Let me know whether it works.
    If you can't delete the folders, rename them.
    See whether this solves your problem.
  • All 3 folders have been deleted.

    Unfortunately the problem remains :cry:
  • Please make a HijackThis log and post it.
  • The new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:43:10, on 18-12-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ilse.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4650/mcfscan.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    Kaspersky found 1 virus:
    Trojan.win32.qhost.el

    It looks like the problem has been solved :)

  • The log looks good.
    Was Kaspersky able to remove the trojan?

This is an archived page. Replying is no longer possible.