HijackThis log (spyware)

Anonymous
smeenk
17 replies
  • There you are, quietly using the computer, when you suddenly hear your PC working hard, and before you know it installers are flying at you left and right and you're done for. Ad-Aware did nothing, and rolling the system back a few days with System Restore didn't help either, because 'Titan Poker' and 'REMOVE SPYWARE' are still on my desktop. Here is my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:40:48, on 27-1-2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\UAService7.exe
    E:\Logitech\iTouch\iTouch.exe
    E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\System32\ctfmon.exe
    H:\RealPopup\RealPopup.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    H:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MICHIE~1.REM\LOCALS~1\Temp\se.dll/space.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Adobe Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7B6B6329-FB7F-4C0A-BC3D-B6F6EADD94B3} - C:\WINDOWS\System32\fidi.dll (file missing)
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton AntiVirus 2005 Nl - Michiel\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus 2005 Nl - Michiel\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPopup] "H:\RealPopup\RealPopup.exe" BOOT
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = H:\Adobe Reader\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Download all by Free Download Manager - file://H:\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://H:\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site met Free Download Manager - file://H:\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Gedownload met Free Download Manager - file://H:\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O21 - SSODL: dQgwjD - {DC2E220D-7684-88A7-A2BA-08AAB7AD13D8} - C:\WINDOWS\System32\pgvs.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

    What should I do?




  • Print these instructions or save them in a Notepad file and put it on your desktop.

    Download, install and update the free trial version of ewido anti-malware.
    During installation, under "Additional Options", untick "Install background guard" and "Install scan via context menu".
    When you start Ewido for the first time, you will get the error message "Database could not be found!". This message is normal. Click "OK".
    In Ewido's main window, click "Update" in the left-hand menu, and then the "Start update" button.
    When the updates are done, the status bar at the bottom will show "Update successful".
    Close Ewido. Do NOT let it scan yet.

    Download smitRem.exe.
    Double-click the file to extract it to its own folder on your desktop.

    Download this program: SpSeHjfix112.exe.
    Put it on your desktop but do not use it yet.

    Start your computer in safe mode.

    Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MICHIE~1.REM\LOCALS~1\Temp\se.dll/space.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {7B6B6329-FB7F-4C0A-BC3D-B6F6EADD94B3} - C:\WINDOWS\System32\fidi.dll (file missing)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O21 - SSODL: dQgwjD - {DC2E220D-7684-88A7-A2BA-08AAB7AD13D8} - C:\WINDOWS\System32\pgvs.dll
    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Open the smitrem folder on your desktop and double-click RunThis.bat. Follow the on-screen instructions.
    Your desktop and icons will disappear briefly and then reappear; this is normal.
    Wait until the tool has done its work and Disk Cleanup has finished. This can take a while, so be patient.

    Double-click SpSeHjfix112.exe and click the "Start disinfection" button.
    Let the tool do its work.

    Open Ewido Security Suite.
    Click "Scanner".
    Click "complete system scan".
    Let the program scan your PC.

    During the scan you will be asked whether you want to remove the files found. Click "OK".
    When the scan has finished, you will see a "Bewaar rapport" (save report) button.
    Click "Bewaar rapport" and save the report to your desktop.
    Close Ewido.


    Go to Start - Control Panel - Appearance and Themes (if that is not listed, click "Categorieweergave" (Category View) first) - Desktop - Customize Desktop - Web.
    Remove everything that may be listed there (except "Mijn huidige pagina", i.e. My Current Home Page).

    Restart your computer in normal mode.

    Run an online scan with Panda's online virus scan.
    If you get the option to save a log, do so.

    Create a new HijackThis log and post it (in full).
    Also post the report (log) from Ewido and Panda.
    Look for c:\smitfiles.txt and post the contents of this file as well.
    Tell us how things stand now.

    Regards, smeenk ;)
  • Thanks for the reply, and sorry for my late response, but I wasn't here this weekend. I did what you said and now most of the spyware is gone. Not all of it yet, because sometimes IE starts up and goes to an unknown site.

    Here is my HijackThis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:09:40, on 29-1-2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    E:\Logitech\iTouch\iTouch.exe
    E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    H:\RealPopup\RealPopup.exe
    I:\Tempp\ewido anti-malware\ewidoctrl.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    H:\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus 2005 Nl - Michiel\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPopup] "H:\RealPopup\RealPopup.exe" BOOT
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = H:\Adobe Reader\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Download all by Free Download Manager - file://H:\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://H:\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site met Free Download Manager - file://H:\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Gedownload met Free Download Manager - file://H:\Free Download Manager\dllink.htm
    O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\gp88l3lu1.dll
    O20 - Winlogon Notify: winyvn32 - C:\WINDOWS\SYSTEM32\winyvn32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - I:\Tempp\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe



    ———————————————————
    ewido anti-malware - Scan rapport
    ———————————————————

    + Gemaakt op: 20:47:51, 29-1-2006
    + Rapport samenvatting: 1EAE6E13

    + Scan resultaten:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> Trojan.Small : Schoongemaakt met een backup
    HKU\S-1-5-21-117609710-113007714-682003330-1003\Software\DNS -> Adware.Shorty : Schoongemaakt met een backup
    [664] C:\WINDOWS\system32\mgsign32.dll -> Spyware.Look2Me : Schoongemaakt met een backup
    [880] C:\WINDOWS\system32\mgsign32.dll -> Spyware.Look2Me : Fout gedurende het schoonmake
    C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@atdmt[2].txt -> Spyware.Cookie.Atdmt : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@burstnet[2].txt -> Spyware.Cookie.Burstnet : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@com[2].txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@revenue[1].txt -> Spyware.Cookie.Revenue : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@statcounter[1].txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
    C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Schoongemaakt met een backup
    C:\drsmartload46a.exe -> Downloader.Adload.j : Schoongemaakt met een backup
    C:\Installer.exe -> Spyware.Look2Me : Schoongemaakt met een backup
    C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Schoongemaakt met een backup
    C:\Program Files\Common Files\fzir\fzira.exe -> Downloader.TSUpdate.l : Schoongemaakt met een backup
    C:\Program Files\Common Files\fzir\fzirl.exe -> Downloader.TSUpdate.p : Schoongemaakt met een backup
    C:\Program Files\Common Files\fzir\fzirm.exe -> Downloader.TSUpdate.n : Schoongemaakt met een backup
    C:\Program Files\Common Files\fzir\~GLH0009.TMP -> Downloader.TSUpdate.f : Schoongemaakt met een backup
    C:\Program Files\Common Files\fzir\~GLH000a.TMP -> Downloader.TSUpdate.f : Schoongemaakt met een backup
    C:\Program Files\Common Files\InetGet\freeprodtb.exe -> Spyware.Maxifiles : Schoongemaakt met een backup
    C:\Program Files\Common Files\InetGet\mc-110-12-0000169.exe -> Spyware.Maxifiles : Schoongemaakt met een backup
    C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe -> Spyware.Maxifiles : Schoongemaakt met een backup
    C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Schoongemaakt met een backup
    C:\Program Files\Everest Poker\CStart.exe -> Spyware.Casino : Schoongemaakt met een backup
    C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Schoongemaakt met een backup
    C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Schoongemaakt met een backup
    C:\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Schoongemaakt met een backup
    C:\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Schoongemaakt met een backup
    C:\WINDOWS\MTE4MTU6ODoxNg.exe -> Downloader.Small.buy : Schoongemaakt met een backup
    C:\WINDOWS\system32\gstuname.dll -> Spyware.Look2Me : Schoongemaakt met een backup
    C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Schoongemaakt met een backup
    C:\WINDOWS\system32\ioagXRA7.dll -> Spyware.Look2Me : Schoongemaakt met een backup
    C:\WINDOWS\system32\mgsign32.dll -> Spyware.Look2Me : Schoongemaakt met een backup
    C:\WINDOWS\system32\nxhtml.dll -> Spyware.Look2Me : Schoongemaakt met een backup
    C:\WINDOWS\system32\pgvs.dll -> Proxy.Agent.df : Schoongemaakt met een backup
    C:\WINDOWS\system32\spool.exe -> Backdoor.Rbot : Schoongemaakt met een backup
    C:\WINDOWS\TWljaGllbA\asappsrv.dll -> Spyware.CommAd : Schoongemaakt met een backup
    C:\WINDOWS\TWljaGllbA\command.exe -> Adware.CommAd : Schoongemaakt met een backup


    ::Einde rapport

    ————————————————————————–
    and finally:


    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [versie 5.1.2600]

    Running from
    I:\Tempp\smitrem\smitRem
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    atmtd.dll
    atmtd.dll._


    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 776 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Deleting files


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    atmtd.dll
    atmtd.dll._


    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Miscellaneous Files/folders ~~~




    ~~~ Wininet.dll ~~~

    wininet.dll is missing!!

    ————————————————————-

    I can't do the Panda scan because my Java no longer works :|

    What should I do now?
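
Comparing the two HijackThis scans posted above shows which entries the first cleanup round removed and which ones appeared afterwards (the two O20 Winlogon Notify DLLs). The following Python is an added example, not part of the original posts: the function names are hypothetical, and the sample input is a short excerpt of the two logs from this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "group text")

# A HijackThis result line is "<group> - <details>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
LINE_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")

# What each group that occurs in this thread's logs represents.
GROUPS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
    "O16": "downloaded ActiveX control",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad", "O23": "NT service",
}

# Markers HijackThis itself appends when the referenced file no longer exists.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpts of the two logs posted in this thread (27-1-2006 and 29-1-2006).
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:40:48, on 27-1-2006

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MICHIE~1.REM\LOCALS~1\Temp\se.dll/space.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7B6B6329-FB7F-4C0A-BC3D-B6F6EADD94B3} - C:\WINDOWS\System32\fidi.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O21 - SSODL: dQgwjD - {DC2E220D-7684-88A7-A2BA-08AAB7AD13D8} - C:\WINDOWS\System32\pgvs.dll
"""

SCAN_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:09:40, on 29-1-2006

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\gp88l3lu1.dll
O20 - Winlogon Notify: winyvn32 - C:\WINDOWS\SYSTEM32\winyvn32.dll
"""


def parse_hjt(log_text):
    """Return the result entries of a HijackThis log in their original order."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    return (entry.group, entry.text.lower())


def diff_scans(before, after):
    """Entries that disappeared from, or newly appeared in, the later scan."""
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        "removed": [e for e in before if _key(e) not in after_keys],
        "added": [e for e in after if _key(e) not in before_keys],
    }


def orphaned(entries):
    """Entries HijackThis marked as pointing at a file that is gone."""
    return [e for e in entries if e.text.endswith(ORPHAN_MARKERS)]


def report(before_text, after_text):
    """One readable line per change, plus leftovers still orphaned afterwards."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    changes = diff_scans(before, after)
    lines = []
    for label in ("removed", "added"):
        for e in changes[label]:
            kind = GROUPS.get(e.group, "other")
            lines.append(f"{label:8}{e.group:4}{kind}: {e.text}")
    for e in orphaned(after):
        lines.append(f"orphan  {e.group:4}{e.text}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SCAN_BEFORE, SCAN_AFTER)))
```

An entry listed as "added" is only something to look at more closely, since legitimate software installed between the two scans shows up the same way.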







  • Download L2Mfix here.
    Put the file on your desktop. Click l2mfix.exe.
    Click "Accept". Make sure the l2mfix folder is placed on your desktop. Click "Install".
    On your desktop, open the l2mfix folder.
    Click l2fix.bat.
    Click "1" to select option 1: Run Find Log.
    This will take a while. After some time a Notepad file will open.
    Copy and paste the contents of this file into your next post.

    Note: do NOT use option 2 for now. Also do not use any other files in the l2mfix folder!
  • Done (although it did go very quickly):

    L2MFIX find log 010406
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\gp88l3lu1.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winyvn32]
    "Asynchronous"=dword:00000001
    "DllName"="winyvn32.dll"
    "Impersonate"=dword:00000000
    "Startup"="EvtStartup"
    "Shutdown"="EvtShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{EBF3315E-35DC-4382-662D-ECAFDF962A3E}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Eigenschappenvenster van multimediabestand"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerbeheer"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Het tabblad Beveiliging"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Eigenschappenblad voor OLE-docbestand"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldschermadapter"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Monitor"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldscherm-panning"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Het tabblad Beveiliging"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibiliteitspagina"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Knipselgegevensverwerker van shell"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Schijfkopieer-uitbreiding"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell-uitbreidingen voor Microsoft Windows Network-objecten"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-monitorbeheer"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerbeheer"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell-uitbreidingen voor bestandscompressie"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shell-uitbreiding voor Web Printer"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Snelmenu Codering"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Werkmap"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-pictogramuitbreiding"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiel"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Het tabblad Beveiliging voor printers"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-extensie"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto-handtekeningextensie"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netwerkverbindingen"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netwerkverbindingen"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners en camera's"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners en camera's"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners en camera's"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners en camera's"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners en camera's"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Uitbreiding voor AutoUpdate-eigenschappenvenster"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-uitbreidingen voor Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplande taken"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taakbalk en menu Start"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Zoeken"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uitvoeren…"
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Lettertypen"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Systeembeheer"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-werkbalk"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Downloadstatus"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Uitgebreide shell-map"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Uitgebreide shell-map 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft-browserbalk"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Zoekbalk"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Mediabalk"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Zoeken binnen deelvenster"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Zoeken op het web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Hulpprogramma met opties voor registerboomstructuur"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoAanvullen"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU-lijst voor AutoAanvullen"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Aangepaste MRU-lijst voor AutoAanvullen"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Toegankelijk"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Pop-upbalk Volgen"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Parser voor adresbalk"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lijst voor AutoAanvullen: Microsoft Geschiedenis"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Lijst voor AutoAanvullen: Microsoft Shell-map"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft-container met meervoudige lijst voor AutoAanvullen"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Sitemenu van shell-band"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Gebruikersondersteuning"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globale mapinstellingen"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url-geschiedenisservice"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Geschiedenis"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url-zoeken Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-welkomstscherm"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Het Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Cachemap van ActiveX"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Map met abonnementen"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Toepassingsbeheer"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Programma voor inventarisatie van geïnstalleerde toepassingen"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI- en bestandsextractieprogramma voor miniaturen"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informatie over de handler voor miniatuurweergaven (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-extractie voor miniatuurweergaven"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Wizard Webpublicaties"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Afdrukken via het web bestellen"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell-object voor publicatiewizard"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Wizard Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Gebruikersaccounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanaal-bestand"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanaal-snelkoppeling"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Handler-object voor kanalen"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Map Off line bestanden"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personen…"
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmappen"
    "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
    "{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
    "{95111C09-805F-4CEE-A3D5-202B4C1D645B}"="AZR Context Menu Shell Extension"
    "{61AEFDC0-6C22-4F37-9D27-258ED094715F}"=""
    "{BC954DA6-983C-4080-8D89-1CCD7280AE61}"=""
    "{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}"=""
    "{B3D93B8B-34EB-44F4-9EBB-6242C381539D}"=""
    "{1D2A24E8-0F54-487A-8FEB-2943ED800324}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{BC954DA6-983C-4080-8D89-1CCD7280AE61}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BC954DA6-983C-4080-8D89-1CCD7280AE61}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BC954DA6-983C-4080-8D89-1CCD7280AE61}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BC954DA6-983C-4080-8D89-1CCD7280AE61}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ioagXRA7.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\gstuname.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B3D93B8B-34EB-44F4-9EBB-6242C381539D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B3D93B8B-34EB-44F4-9EBB-6242C381539D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B3D93B8B-34EB-44F4-9EBB-6242C381539D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B3D93B8B-34EB-44F4-9EBB-6242C381539D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nxhtml.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1D2A24E8-0F54-487A-8FEB-2943ED800324}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1D2A24E8-0F54-487A-8FEB-2943ED800324}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1D2A24E8-0F54-487A-8FEB-2943ED800324}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1D2A24E8-0F54-487A-8FEB-2943ED800324}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    adserv~1.dll Sun 29 Jan 2006 10:03:58 A.... 16.896 16,50 K
    bassmod.dll Sat 28 Jan 2006 18:12:42 A.... 15.360 15,00 K
    gp88l3~1.dll Sun 29 Jan 2006 20:14:34 ..S.R 234.818 229,31 K
    lmfax13n.dll Sun 29 Jan 2006 20:54:58 ..... 234.818 229,31 K
    lvl609~1.dll Sun 29 Jan 2006 20:54:58 ..S.R 235.457 229,94 K
    sirenacm.dll Wed 14 Dec 2005 9:24:42 A.... 118.784 116,00 K
    winyvn32.dll Sat 28 Jan 2006 18:14:24 A.... 16.896 16,50 K

    7 items found: 7 files (2 H/S), 0 directories.
    Total of file sizes: 873.029 bytes 852,57 K
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Sun 29 Jan 2006 20:55:58 ..S.R 234.818 229,31 K

    1 item found: 1 file (1 H/S), 0 directories.
    Total of file sizes: 234.818 bytes 229,31 K
    **********************************************************************************
    Directory Listing of system files:
    Het volume in station C heeft geen naam.
    Het volumenummer is DC2E-220C

    Map van C:\WINDOWS\System32

    29-01-2006 20:55 234.818 guard.tmp
    29-01-2006 20:54 235.457 lvl6093se.dll
    29-01-2006 20:14 234.818 gp88l3lu1.dll
    27-12-2005 21:17 <DIR> dllcache
    17-08-2005 11:43 <DIR> Microsoft
    3 bestand(en) 705.093 bytes
    2 map(pen) 437.338.112 bytes beschikbaar
  • Close all open programs.
    Double-click l2mfix.bat.
    Choose option #2: Run Fix by typing the number 2.
    Press Enter.
    The tool will start.
    Do not use your keyboard until the tool has finished!!!
    Press any key to restart the computer when prompted.
    After the reboot, the icons will appear on your desktop. They will disappear again (that is normal).
    L2mfix will scan your computer.
    When it is done, a new Notepad file will open.
    Post the contents of this file.
    Create a new HijackThis log and post it as well.
  • Done, here is the L2mfix log:

    L2mfix 010406
    Creating Account.
    De opdracht is voltooid.

    Adding Administrative privleges.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX … successful

    Running From:
    C:\WINDOWS\system32

    Killing Processes!

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 504 'smss.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 608 'winlogon.exe'
    Killing PID 608 'winlogon.exe'
    Killing PID 608 'winlogon.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1756 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 2864 'rundll32.exe'
    Restoring Sedebugprivilege:
    Granting SeDebugPrivilege to Administrators … successful

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    1 bestand(en) gekopieerd.
    1 bestand(en) gekopieerd.
    1 bestand(en) gekopieerd.
    1 bestand(en) gekopieerd.
    Deleting: C:\WINDOWS\system32\gp88l3lu1.dll
    Successfully Deleted: C:\WINDOWS\system32\gp88l3lu1.dll
    Deleting: C:\WINDOWS\system32\lmfax13n.dll
    Successfully Deleted: C:\WINDOWS\system32\lmfax13n.dll
    Deleting: C:\WINDOWS\system32\lvl6093se.dll
    Successfully Deleted: C:\WINDOWS\system32\lvl6093se.dll
    Deleting: C:\WINDOWS\system32\guard.tmp
    Successfully Deleted: C:\WINDOWS\system32\guard.tmp

    msg11?.dll
    0 bestand(en) gekopieerd.



    Restoring Windows Update Certificates.:

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\gp88l3lu1.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winyvn32]
    "Asynchronous"=dword:00000001
    "DllName"="winyvn32.dll"
    "Impersonate"=dword:00000000
    "Startup"="EvtStartup"
    "Shutdown"="EvtShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\gp88l3lu1.dll
    C:\WINDOWS\system32\lmfax13n.dll
    C:\WINDOWS\system32\lvl6093se.dll
    C:\WINDOWS\system32\guard.tmp

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{BC954DA6-983C-4080-8D89-1CCD7280AE61}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BC954DA6-983C-4080-8D89-1CCD7280AE61}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BC954DA6-983C-4080-8D89-1CCD7280AE61}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BC954DA6-983C-4080-8D89-1CCD7280AE61}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ioagXRA7.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\gstuname.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B3D93B8B-34EB-44F4-9EBB-6242C381539D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B3D93B8B-34EB-44F4-9EBB-6242C381539D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B3D93B8B-34EB-44F4-9EBB-6242C381539D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B3D93B8B-34EB-44F4-9EBB-6242C381539D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nxhtml.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1D2A24E8-0F54-487A-8FEB-2943ED800324}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1D2A24E8-0F54-487A-8FEB-2943ED800324}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1D2A24E8-0F54-487A-8FEB-2943ED800324}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1D2A24E8-0F54-487A-8FEB-2943ED800324}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{61AEFDC0-6C22-4F37-9D27-258ED094715F}"=-
    "{BC954DA6-983C-4080-8D89-1CCD7280AE61}"=-
    "{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}"=-
    "{B3D93B8B-34EB-44F4-9EBB-6242C381539D}"=-
    "{1D2A24E8-0F54-487A-8FEB-2943ED800324}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{61AEFDC0-6C22-4F37-9D27-258ED094715F}]
    [-HKEY_CLASSES_ROOT\CLSID\{BC954DA6-983C-4080-8D89-1CCD7280AE61}]
    [-HKEY_CLASSES_ROOT\CLSID\{A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D}]
    [-HKEY_CLASSES_ROOT\CLSID\{B3D93B8B-34EB-44F4-9EBB-6242C381539D}]
    [-HKEY_CLASSES_ROOT\CLSID\{1D2A24E8-0F54-487A-8FEB-2943ED800324}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************

    ****************************************************************************
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    adding: dlls/gp88l3lu1.dll (164 bytes security) (deflated 5%)
    adding: dlls/guard.tmp (164 bytes security) (deflated 5%)
    adding: dlls/lmfax13n.dll (164 bytes security) (deflated 5%)
    adding: dlls/lvl6093se.dll (164 bytes security) (deflated 5%)
    adding: backregs/1D2A24E8-0F54-487A-8FEB-2943ED800324.reg (212 bytes security) (deflated 70%)
    adding: backregs/A6AC63E9-07EF-4B6B-96F2-AB8461ABA42D.reg (212 bytes security) (deflated 70%)
    adding: backregs/B3D93B8B-34EB-44F4-9EBB-6242C381539D.reg (212 bytes security) (deflated 70%)
    adding: backregs/BC954DA6-983C-4080-8D89-1CCD7280AE61.reg (212 bytes security) (deflated 70%)
    adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
    adding: backregs/shell.reg (164 bytes security) (deflated 73%)

    —————————————————————–
    And HijackThis
    —————————————————————–

    Logfile of HijackThis v1.99.1
    Scan saved at 21:50:16, on 29-1-2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    E:\Logitech\iTouch\iTouch.exe
    E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    H:\RealPopup\RealPopup.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    I:\Tempp\ewido anti-malware\ewidoctrl.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    H:\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus 2005 Nl - Michiel\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPopup] "H:\RealPopup\RealPopup.exe" BOOT
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = H:\Adobe Reader\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Download all by Free Download Manager - file://H:\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://H:\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site met Free Download Manager - file://H:\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Gedownload met Free Download Manager - file://H:\Free Download Manager\dllink.htm
    O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\gp88l3lu1.dll (file missing)
    O20 - Winlogon Notify: winyvn32 - C:\WINDOWS\SYSTEM32\winyvn32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - I:\Tempp\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe






  • Download haxfix.exe.
    Place it on your desktop.
    Close all other programs and all open windows.
    Double-click haxfix.exe to start the installation.
    When the installation has finished, make sure "Launch HaxFix" is ticked.
    A small red DOS window opens.
    When the prompt appears:

    type the following: winyvn
    Press Enter.

    The computer will restart.
    Once the computer has restarted, look for the file c:\haxfix.txt
    Post the contents of this file together with a new HijackThis log.
  • I get the message:

    You don't have to run this tool. No infection found.

    Druk op een toets om door te gaan…

    After L2mfix, IE no longer starts up automatically either; I'm not having any problems now. I don't know whether there is anything left in the logs that needs attention?
  • Go ahead and remove the following lines with HijackThis:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\gp88l3lu1.dll (file missing)
    O20 - Winlogon Notify: winyvn32 - C:\WINDOWS\SYSTEM32\winyvn32.dll

    Restart your computer and post a log for checking.

    Regards, smeenk
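
Added example, not part of the original thread: a small Python script that parses two HijackThis logs, marks entries of the kinds the helper asked to fix here, and shows what changed between the scan before and the scan after a fix. The function names and the hint rules are this example's own assumptions, modelled on the lines flagged in this thread.

```python
import re

# One HijackThis result line: section code (R0, O4, O20, ...), " - ", entry text.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")

# Review hints modelled on the entries the helper in this thread asked to fix.
# They select lines for a human to look at; they are not a malware verdict.
HINTS = [
    ("target file is gone",
     lambda c, t: "(file missing)" in t or "(no file)" in t),
    ("service with unknown owner",
     lambda c, t: c == "O23" and "Unknown owner" in t),
    ("DLL loaded by winlogon.exe",
     lambda c, t: c == "O20" and "Winlogon Notify" in t),
    ("empty IE setting",
     lambda c, t: c in ("R0", "R1") and t.endswith("=")),
]

# Sample input: lines abridged from the logs posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\gp88l3lu1.dll (file missing)
O20 - Winlogon Notify: winyvn32 - C:\WINDOWS\SYSTEM32\winyvn32.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""


def parse_entries(log_text):
    """Return the (code, text) result lines; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Map every entry that matches at least one hint to its hint labels."""
    report = {}
    for code, text in entries:
        labels = [label for label, test in HINTS if test(code, text)]
        if labels:
            report[(code, text)] = labels
    return report


def compare(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    old, new = set(parse_entries(before)), set(parse_entries(after))
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for (code, text), labels in triage(parse_entries(BEFORE)).items():
        print(f"REVIEW  {code} - {text}  [{'; '.join(labels)}]")
    removed, added = compare(BEFORE, AFTER)
    for code, text in removed:
        print(f"REMOVED {code} - {text}")
    for code, text in added:
        print(f"ADDED   {code} - {text}")
    # An empty result here means no hinted entry is left in the second scan.
    print("still flagged:", len(triage(parse_entries(AFTER))))
```

Entries listed as ADDED deserve the same attention as the flagged ones, since a new autostart line after a cleanup may be a legitimate install (as with the Java updater here) or a reinfection.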
  • OK, done, here is the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:36:06, on 30-1-2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    E:\Logitech\iTouch\iTouch.exe
    E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    H:\RealPopup\RealPopup.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    I:\Tempp\ewido anti-malware\ewidoctrl.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    H:\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus 2005 Nl - Michiel\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPopup] "H:\RealPopup\RealPopup.exe" BOOT
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = H:\Adobe Reader\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Download all by Free Download Manager - file://H:\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://H:\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site met Free Download Manager - file://H:\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Gedownload met Free Download Manager - file://H:\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - I:\Tempp\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

    Reasonably clean?





  • The HijackThis log looks good again :)

    Do this as well, to try to get that Panda scan working after all:

    Download this file, http://www.hitmanpro.nl/iefix.exe
    Double-click iefix.exe and run the program.

    Download this file: FixPanda.reg
    Save it to your desktop and double-click the file.
    Give permission to add the changes to the registry.
    If double-clicking does not work, you can also right-click and choose "Merge" ("Samenvoegen").

    Reset your web settings: go to Control Panel -> Internet Options -> Programs tab. Click the "Reset Web Settings" ("Webinstellingen herstellen") button.

    Go to Control Panel -> Internet Options -> choose the "Security" tab -> set the Internet zone back to the "Default Level" (click the "Default Level" button and confirm with OK).

    Go to: Control Panel -> Internet Options -> Privacy and set the slider for the cookie settings to "Medium" ("Normaal").

    By the way, you can only do the Panda online scan with IE. If you use a popup blocker, you have to switch it off for a moment, because Panda works with a popup.

    Restart the computer and try to do that online scan with Panda after all; post the log you get in your next message. Then also post a new HijackThis log.

    Regards, smeenk ;)
  • iefix.exe was enough to get Panda working (and Java works again now too)

    Here are the scans:


    Incident Status Location

    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@adopt.hbmediapro[2].txt
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix\backup.zip[gp88l3lu1.dll]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix\backup.zip[guard.tmp]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix\backup.zip[lmfax13n.dll]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix\backup.zip[lvl6093se.dll]
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix\dlls\gp88l3lu1.dll
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix\dlls\guard.tmp
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix\dlls\lmfax13n.dll
    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix\dlls\lvl6093se.dll
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michiel.REMIUS\Bureaublad\l2mfix.exe[Process.exe]
    Spyware:Cookie/66.246.209 Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@66.246.209[1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@adopt.hbmediapro[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@atdmt[2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@belnk[1].txt
    Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@c.enhance[2].txt
    Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@c.goclick[2].txt
    Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@cassava[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@dist.belnk[2].txt
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@stat.onestat[2].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Michiel.REMIUS\Cookies\michiel@xiti[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michiell\Cookies\michiel@ath.belnk[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michiell\Cookies\michiel@belnk[2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michiell\Cookies\michiel@dist.belnk[1].txt
    Adware:adware/dollarrevenue Not disinfected C:\drsmartload1.exe
    Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF
    Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF
    Adware:adware/mediatickets Not disinfected C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
    Adware:Adware/SearchExe Not disinfected C:\WINDOWS\Downloaded Program Files\on.exe
    Spyware:spyware/media-motor Not disinfected C:\WINDOWS\mm63.ocx
    ———————————

    Logfile of HijackThis v1.99.1
    Scan saved at 14:14:30, on 30-1-2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    E:\Logitech\iTouch\iTouch.exe
    E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    H:\RealPopup\RealPopup.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    I:\Tempp\ewido anti-malware\ewidoctrl.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    H:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: ScriptInocUI Class - - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus 2005 Nl - Michiel\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPopup] "H:\RealPopup\RealPopup.exe" BOOT
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = H:\Adobe Reader\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - I:\Tempp\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe





  • Download Killbox.
    Click killbox.exe.
    Choose the option: "Delete on reboot".

    Copy the following part in bold:

    C:\drsmartload1.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF
    C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF
    C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
    C:\WINDOWS\Downloaded Program Files\on.exe
    C:\WINDOWS\mm63.ocx

    Open 'file' in the Killbox menu at the top and choose: Paste from clipboard

    You will see that the bold text above appears in the "Full Path of File to Delete" field.
    There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (where the files are present); that is the intention, at any rate.

    Click the button: All files (!Important!)

    Then click the red circle with the white cross in it.
    Killbox will say that this file will be deleted on reboot and asks to reboot now. Click YES.

    Your PC should now reboot.

    After the restart you may delete the following folder:
    C:\!Killbox\ <= these are Killbox's backups and they can go

    Then empty your Recycle Bin.

    Tick the following lines in HijackThis and then click "Fix checked":
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: ScriptInocUI Class - - (no file)

    Go to Start - Run.
    Type: services.msc
    In the services console that opens, look for this service: Network Monitor
    Double-click it and, in the window that opens, click the "Stop" ("Stoppen") button to stop the service.
    Set the startup type of this service to "Disabled" ("Uitgeschakeld").

    Restart the computer and post a new log for checking
  • Did that too, here is the new scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:28:29, on 30-1-2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Logitech\iTouch\iTouch.exe
    E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    H:\RealPopup\RealPopup.exe
    C:\WINDOWS\system32\spoolsv.exe
    I:\Tempp\ewido anti-malware\ewidoctrl.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\UAService7.exe
    H:\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus 2005 Nl - Michiel\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] E:\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPopup] "H:\RealPopup\RealPopup.exe" BOOT
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = H:\Adobe Reader\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - I:\Tempp\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus 2005 Nl - Michiel\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe




  • Looks good :)

    I think we are done. What you should consider, though, is updating your Windows. I can see that you have not installed any service packs yet, and a computer that is not up to date will get reinfected with viruses and spyware much sooner ;)
    I don't know whether you run a software firewall via Symantec; that is advisable too, because the Windows Firewall does not protect you if there are already trojans on your system. So it is better to install one. ZoneAlarm and Kerio have a free version that you can download.

    Regards, smeenk
  • That's great, finally done :) and all that just because I installed a patch for a program; the patch worked perfectly, it just brought this junk along with it.
    Yeah.. updating Windows might be a good idea; I never installed Service Pack 2 because it can cause problems with certain games. But I will consider it ;)
    I don't have a firewall at the moment. I always had Norton Antivirus and Internet Security 2004, which worked perfectly. I recently installed Antivirus 2005, but then I could not install a firewall again (we have a dual-boot system and Norton can be very difficult about that). I don't feel like uninstalling and reinstalling everything on both PCs (dual boot). Maybe I should do it some time after all, because Antivirus and Internet Security 2004 always worked fine and I'm not really satisfied with 2005.

    I would like to thank you very much, smeenk, for your time/effort and solutions. You (and everyone who is so active on the forum) should get a medal :D

    Greetz Andre


This is an archived page. Replying is no longer possible.