HijackThis.log regarding a trojan

Anonymous
15 replies
 • For some time now I have been getting a notification from ZoneAlarm that a program is trying to connect to a website I had never visited. At first glance it is a harmless association; their computer has probably been hacked. I will report it to them… but how do I get rid of that trojan? I have (I believe) NAT in my modem, and every computer on my small network has ZoneAlarm and a daily-updated Norton AV 2005, as well as Windows Defender. I also run HitmanPro once a week. Never had a virus alert. I ran a trial version of TrojanHunter, but it reported no anomalies.
  Would someone take a look at my HijackThis log to see whether anything shows up there?

  Logfile of HijackThis v1.99.1
  Scan saved at 9:24:49, on 26-6-2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\windows\System32\smss.exe
  C:\windows\system32\winlogon.exe
  C:\windows\system32\services.exe
  C:\windows\system32\lsass.exe
  C:\windows\system32\Ati2evxx.exe
  C:\windows\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\windows\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\windows\system32\spoolsv.exe
  C:\WINDOWS\System32\PackethSvc.exe
  C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe
  C:\windows\System32\GEARSec.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe
  C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe
  C:\windows\system32\Ati2evxx.exe
  C:\windows\Explorer.EXE
  C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe
  C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\windows\SOUNDMAN.EXE
  C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Progs\Medionkeyboard\KbdAp32A.exe
  C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE
  C:\windows\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe
  C:\Progs\HandyFind\HandyFind.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\UPHClean\uphclean.exe
  C:\Progs\Norton Password Manager\AcctMgr.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Progs\TrojanHunter 4.5\THGuard.exe
  C:\windows\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Progs\Nuria\Nuria.exe
  C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe
  C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe
  C:\windows\system32\fxssvc.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\windows\system32\svchost.exe
  C:\Progs\TotalCmd\TOTALCMD.EXE
  C:\Program Files\Messenger\msmsgs.exe
  C:\DOCUME~1\R5DEB~1.BOR\LOCALS~1\Temp\_tc\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Index.htm
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Progs\GetRight\xx2gr.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Progs\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [FLMK08KB] C:\Progs\Medionkeyboard\KbdAp32A.exe
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Progs\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [Omnipage] C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe
  O4 - HKLM\..\Run: [HandyFind Utility] C:\Progs\HandyFind\HandyFind.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\GhostTray.exe
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [AcctMgr] C:\Progs\Norton Password Manager\AcctMgr.exe /startup
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [THGuard] "C:\Progs\TrojanHunter 4.5\THGuard.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
  O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Progs\Norton SystemWorks 2005\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
  O4 - HKCU\..\Run: [Nuria] C:\Progs\Nuria\Nuria.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Elsevier Bedrijfsinformatie bv.lnk = C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe
  O4 - Global Startup: Norton GoBack.lnk = C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe
  O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Download with GetRight - C:\Progs\GetRight\GRdownload.htm
  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Open with GetRight Browser - C:\Progs\GetRight\GRbrowse.htm
  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129405640000
  O16 - DPF: {A0D8CBD7-1223-4A64-B603-D6680A055A08} (FRSActiveX) - https://secured.payvisionbilling.com/DownloadManager/FRSActiveX.ocx
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe
  O23 - Service: GEARSecurity - GEAR Software - C:\windows\System32\GEARSec.exe
  O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Ghost - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE
  O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: SAVScan - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

  Thanks in advance,
  Rob
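
An added example (not part of the original thread, and not HijackThis's own code): a small parser for the log layout posted above. It rejoins entries that word wrap has split across lines, lists entries HijackThis marked "(file missing)", and compares the O4 autostart and O23 service entries with the "Running processes" list. The sample is a handful of lines taken from the log above; the function names and the rule for rejoining a token split mid-word are assumptions of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# Every HijackThis entry line starts with a section code, e.g. "O4 - " or "R0 - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# File name of the program inside a command line (quoted or unquoted path).
IMAGE_RE = re.compile(r'([^\\/"]+?\.(?:exe|com|bat|dll))(?=["\s]|$)', re.I)

# Sample: a few lines copied from the log in the post above, including
# entries that are wrapped across lines with blank lines in between.
SAMPLE_LOG = r'''
Logfile of HijackThis v1.99.1
Scan saved at 9:24:49, on 26-6-2006

Running processes:
C:\windows\system32\svchost.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Progs\Nuria\Nuria.exe
C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe
C:\Progs\TotalCmd\TOTALCMD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Index.htm
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Nuria] C:\Progs\Nuria\Nuria.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Progs\Norton SystemWorks 2005\Norton

GoBack\GBTray.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?11294

05640000
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. -

C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
'''


def parse(log_text):
    """Return (running process paths, entries) with wrapped entries rejoined."""
    processes, lines = [], []
    in_processes = token_open = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            lines.append(line)
            in_processes = token_open = False
        elif lines:
            # Continuation of the previous entry. Heuristic (assumption): a
            # fragment without spaces was one long token cut at the margin,
            # so the next fragment is glued on without a space.
            lines[-1] += ("" if token_open else " ") + line
            token_open = " " not in line
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, [Entry(*ENTRY_RE.match(l).groups()) for l in lines]


def image_name(entry):
    """Lower-cased file name started by an O4/O23 entry, or None."""
    if entry.code == "O4":    # "Run: [name] command" or "x.lnk = command"
        m = re.search(r"\] (.*)$|\.lnk = (.*)$", entry.text)
        command = next((g for g in m.groups() if g), "") if m else ""
    elif entry.code == "O23":  # "Service: name - vendor - path"
        command = entry.text.rsplit(" - ", 1)[-1]
    else:
        return None
    m = IMAGE_RE.search(command)
    return m.group(1).strip().lower() if m else None


def triage(log_text):
    """Group the findings a helper reading the log would look at first."""
    processes, entries = parse(log_text)
    running = [p.rsplit("\\", 1)[-1].lower() for p in processes]
    started = [n for n in map(image_name, entries) if n]
    return {
        "entries": entries,
        "file_missing": [e for e in entries if e.text.endswith("(file missing)")],
        "autostart_running": [n for n in started if n in running],
        "autostart_not_running": [n for n in started if n not in running],
        # Running, but with no O4/O23 entry in this log: system processes,
        # programs the user started by hand, or something started another way.
        "processes_without_autostart": [p for p in running if p not in started],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```
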
 • * Clean the cache and cookies in
 • I only had C: cleaned up, where all the program files are. Or should I do the other partitions/drives as well?

  Logfile of HijackThis v1.99.1
  Scan saved at 13:17:24, on 26-6-2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\windows\System32\smss.exe
  C:\windows\system32\winlogon.exe
  C:\windows\system32\services.exe
  C:\windows\system32\lsass.exe
  C:\windows\system32\Ati2evxx.exe
  C:\windows\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\windows\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\windows\system32\spoolsv.exe
  C:\WINDOWS\System32\PackethSvc.exe
  C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe
  C:\windows\System32\GEARSec.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe
  C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe
  C:\windows\system32\Ati2evxx.exe
  C:\windows\Explorer.EXE
  C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe
  C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\windows\SOUNDMAN.EXE
  C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
  C:\Progs\Medionkeyboard\KbdAp32A.exe
  C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE
  C:\windows\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe
  C:\Progs\HandyFind\HandyFind.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\UPHClean\uphclean.exe
  C:\Progs\Norton Password Manager\AcctMgr.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Progs\TrojanHunter 4.5\THGuard.exe
  C:\windows\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Progs\Nuria\Nuria.exe
  C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe
  C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe
  C:\windows\system32\fxssvc.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\windows\system32\svchost.exe
  C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
  C:\Program Files\Microsoft Office\Office\WINWORD.EXE
  C:\Program Files\Messenger\msmsgs.exe
  C:\HiJackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Index.htm
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Progs\GetRight\xx2gr.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Progs\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [FLMK08KB] C:\Progs\Medionkeyboard\KbdAp32A.exe
  O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
  O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Progs\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [Omnipage] C:\Progs\ScanSoft\OmniPagePro11.0\opware32.exe
  O4 - HKLM\..\Run: [HandyFind Utility] C:\Progs\HandyFind\HandyFind.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\GhostTray.exe
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [AcctMgr] C:\Progs\Norton Password Manager\AcctMgr.exe /startup
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [THGuard] "C:\Progs\TrojanHunter 4.5\THGuard.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
  O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Progs\Norton SystemWorks 2005\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
  O4 - HKCU\..\Run: [Nuria] C:\Progs\Nuria\Nuria.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: Elsevier Bedrijfsinformatie bv.lnk = C:\Progs\Kramers Talen cd-rom 2.0\KT_quickstart.exe
  O4 - Global Startup: Norton GoBack.lnk = C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBTray.exe
  O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Download with GetRight - C:\Progs\GetRight\GRdownload.htm
  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Open with GetRight Browser - C:\Progs\GetRight\GRbrowse.htm
  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
  O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129405640000
  O16 - DPF: {A0D8CBD7-1223-4A64-B603-D6680A055A08} (FRSActiveX) - https://secured.payvisionbilling.com/DownloadManager/FRSActiveX.ocx
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton GoBack\GBPoll.exe
  O23 - Service: GEARSecurity - GEAR Software - C:\windows\System32\GEARSec.exe
  O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Ghost - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton Ghost\Agent\PQV2iSvc.exe
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\NPROTECT.EXE
  O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: SAVScan - Symantec Corporation - C:\Progs\Norton SystemWorks 2005\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\Progs\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 • Well, by cleaning up I really do mean everything, but first run the little tool below.

  * Download Dr.Web CureIt to your desktop:
  ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  * Double-click drweb-cureit.exe and allow it to start the express scan.
  * This will scan the files that are currently loaded in memory, and when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
  * Once the short scan has finished, you can select the drives you want to have scanned.
  * Select all drives here. A red dot will then appear on the drives you are having scanned.
  * Then click the green arrow on the right to start the scan.
  * Click 'Yes to all' when asked to perform cure or move.
  * When the scan is done, check whether you can click the following icon that is next to what was found: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
  * If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following image:
  (image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
  This will move the files to the following folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected. (this in case we need samples)
  * After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
  * Then close Dr.Web CureIt.
  * Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
  * After restarting, copy and paste the contents of the log you saved earlier into your next post.

  Are there multiple accounts on this PC? If so, then an HJT log from each account.


  Thanks in advance
  Juisterr
 • Hello Eric,

  It is a small csv file; I don't know whether or how I can attach it here. But there is only one entry in it, and that is this one:

  LUINSDLL.DLL C:\Program Files\Symantec\LiveUpdate Probably BACKDOOR.Trojan Moved.

  There was also a 111.mtf in it, from a help file that came with the Consumentenbond Belastinggids 2003. It was "moved", but I can't see where to; in any case I no longer need it!
  Isn't that LUINSDLL.DLL also just the ordinary LiveUpdate file?

  Thanks in advance for your suggestions!
 • Hello Eric,
  Stupid of me, I could have Googled it right away. I have now done so, and it turns out to be Trojan.Tooso.O :-( When I look at virusalert, the list of everything you have to do to get rid of it does not make me happy. According to Symantec, NAV catches the virus - in my case, clearly not…
  For now I'll let Norton run once more with "all files".
  I'll let you know how it turned out.
  Rob
 • It turns out I took too simple a view of it after all… It was not a one-to-one mention, but rather that that virus could disable LUINSDLL.DLL :-(
  I also do not find the changes that the trojan is supposed to make.
  But what could it be then?

  Rob
 • Out of desperation I ran RootkitRevealer, which I saw mentioned in this forum. But I can't make sense of the results. Can you say something about them - or did I not do it right? It is quite a long list…

  HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 14-2-2004 16:32 0 bytes Key name contains embedded nulls (*)
  HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 27-6-2006 13:57 80 bytes Data mismatch between Windows API and raw hive data.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Application Data\Microsoft\Messenger\mail@r-bornkamp.speedlinq.nl\SharingMetadata\Working\database_7E18_6304_1862_BAB3\fsr000B7.log 27-6-2006 14:33 128.00 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\_tc\RootkitRevealer.chm 7-12-2005 15:19 99.77 KB Visible in Windows API, but not in MFT or directory index.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Cookies\r. bornkamp@computertotaal[1].txt 27-6-2006 13:52 211 bytes Visible in Windows API, but not in MFT or directory index.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Cookies\r. bornkamp@computertotaal[2].txt 27-6-2006 14:36 212 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\134518512144201763bb71e[1].jpg 27-6-2006 14:36 1.46 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\arrow[1].gif 27-6-2006 14:23 99 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\CAG1MZM7.net%2Fforum%2Flist_messages%2F1142561&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=120&u_his=3&u_java=true 27-6-2006 14:23 2.61 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\CAMJCTIN.htm 27-6-2006 14:23 5.52 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\forum;tile=1;dcopt=ist;sz=468x60;ord=9405930929022508[2] 27-6-2006 14:36 326 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\forum[1].htm 27-6-2006 13:49 31.12 KB Visible in Windows API, but not in MFT or directory index.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\kaspersky1zu.th[1].jpg 27-6-2006 14:36 3.88 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\search[10].htm 27-6-2006 14:23 14 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\search[11].htm 27-6-2006 14:23 14 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XENMJW5\viewtopic[1].htm 27-6-2006 13:52 75.29 KB Visible in Windows API, but not in MFT or directory index.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\CA10RYN7.net%2Fforum%2Flist_messages%2F1142561&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=120&u_his=3&u_java=true 27-6-2006 14:23 2.04 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\CA3ORHQV.htm 27-6-2006 14:23 8.40 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\icon_confused[2].gif 27-6-2006 14:36 171 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\icon_hand[1].gif 27-6-2006 14:23 147 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\laatstefout8of.th[1].jpg 27-6-2006 14:36 4.54 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\online[1].gif 27-6-2006 14:23 120 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\56PLMNXC\search[11].htm 27-6-2006 14:23 14 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\73[1].htm 27-6-2006 14:23 19.08 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\CAKOMYLZ.htm 27-6-2006 14:23 5.24 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\forum;tile=1;dcopt=ist;sz=468x60;ord=7331640295533738[2] 27-6-2006 14:36 299 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\myreact[1].gif 27-6-2006 14:23 173 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\Open_off[1].gif 27-6-2006 14:23 116 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\search[8].htm 27-6-2006 14:36 14 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\search[9].htm 27-6-2006 14:36 14 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\DL32GQXS\viewtopic[1].htm 27-6-2006 14:36 56.20 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAJKUTWV.htm 27-6-2006 14:23 5.37 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAO16VWT.gif 27-6-2006 14:36 43 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAOQ8Q26.htm 27-6-2006 14:23 9.58 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\CAU7C12Z.gif 27-6-2006 14:36 43 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\nb-myreact[1].gif 27-6-2006 14:23 1.12 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\Temporary Internet Files\Content.IE5\E8OTDNT0\post[2].gif 27-6-2006 14:23 101 bytes Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~DFE639.tmp 27-6-2006 13:59 16.00 KB Visible in Windows API, but not in MFT or directory index.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~DFE69D.tmp 27-6-2006 13:59 512 bytes Visible in Windows API, but not in MFT or directory index.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~WRF0001.tmp 27-6-2006 14:20 16.00 KB Hidden from Windows API.
  C:\Documents and Settings\R. Bornkamp\Local Settings\Temp\~WRS0000.tmp 27-6-2006 14:17 49.15 KB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00010311.RDB 24-6-2006 9:07 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010312.RDB 24-6-2006 9:09 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010313.RDB 24-6-2006 9:17 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010314.RDB 24-6-2006 9:19 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010315.lnk 13-5-2006 21:52 618 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010316.exe 23-4-2006 14:24 1.54 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010317.exe 13-5-2006 21:52 658.94 KB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010318.000 24-6-2006 9:25 1.18 KB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010319.RDB 24-6-2006 9:22 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010320.000 24-6-2006 9:26 1.18 KB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010321.000 24-6-2006 9:29 1.65 KB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010322.RDB 24-6-2006 9:26 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010323.DOT 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010324.DOT 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010325.DOT 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010326.dot 24-6-2006 8:45 162 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010327.LNK 19-6-2006 15:55 890 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010328.lnk 19-6-2006 15:55 775 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010329.LNK 24-6-2006 8:45 1.00 KB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010330.lnk 24-6-2006 8:45 896 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010331.LNK 24-6-2006 8:45 1.00 KB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010332.lnk 24-6-2006 9:35 896 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010333.LNK 24-6-2006 8:45 1.01 KB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010334.lnk 24-6-2006 9:35 896 bytes Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010335.RDB 24-6-2006 9:33 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010336.RDB 24-6-2006 9:37 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010337.RDB 24-6-2006 9:39 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00010338.RDB 24-6-2006 9:43 2.94 MB Visible in Windows API, but not in MFT or directory index.
  C:\RECYCLER\NPROTECT\00011882.RDB 27-6-2006 13:53 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011883 27-6-2006 14:00 5.55 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011884.RDB 27-6-2006 13:59 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011885.RDB 27-6-2006 14:02 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011886.DIC 27-6-2006 14:05 162 bytes Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011887.DIC 27-6-2006 14:05 162 bytes Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011888.RDB 27-6-2006 14:04 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011889.RDB 27-6-2006 14:10 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011890.RDB 27-6-2006 14:15 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011891.DIC 27-6-2006 14:20 162 bytes Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011892.DIC 27-6-2006 14:20 162 bytes Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011893.RDB 27-6-2006 14:18 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011894.RDB 27-6-2006 14:22 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011895.DIC 27-6-2006 14:29 162 bytes Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011896.RDB 27-6-2006 14:24 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011897.RDB 27-6-2006 14:28 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011898.DIC 27-6-2006 14:32 162 bytes Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011899.DIC 27-6-2006 14:32 162 bytes Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011900.DIC 27-6-2006 14:32 162 bytes Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011901.RDB 27-6-2006 14:34 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011902.RDB 27-6-2006 14:35 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011903.RDB 27-6-2006 14:37 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011904.RDB 27-6-2006 14:42 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011905.RDB 27-6-2006 14:44 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011906.RDB 27-6-2006 14:45 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011907.RDB 27-6-2006 14:48 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011908.RDB 27-6-2006 14:50 2.95 MB Hidden from Windows API.
  C:\RECYCLER\NPROTECT\00011909.RDB 27-6-2006 14:52 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165316.RDB 27-6-2006 13:53 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165317.RDB 24-6-2006 9:07 2.94 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165318.RDB 24-6-2006 9:09 2.94 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165319.RDB 27-6-2006 13:59 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165320.RDB 24-6-2006 9:17 2.94 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165321.RDB 27-6-2006 14:02 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165322.RDB 24-6-2006 9:19 2.94 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165323.lnk 13-5-2006 21:52 618 bytes Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165324.exe 23-4-2006 14:24 1.54 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165325.RDB 27-6-2006 14:04 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165326.exe 13-5-2006 21:52 658.94 KB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165327.RDB 27-6-2006 14:10 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165328.RDB 27-6-2006 14:15 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165329.RDB 24-6-2006 9:22 2.94 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165330.lnk 26-6-2006 13:18 606 bytes Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165331.lnk 26-6-2006 13:18 439 bytes Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165332.RDB 27-6-2006 14:18 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165333.RDB 24-6-2006 9:26 2.94 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165334.RDB 27-6-2006 14:22 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165335.RDB 27-6-2006 14:24 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165336.RDB 27-6-2006 14:28 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165337.LNK 19-6-2006 15:55 890 bytes Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165338.lnk 19-6-2006 15:55 775 bytes Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165339.LNK 24-6-2006 8:45 1.00 KB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165340.RDB 27-6-2006 14:31 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165341.lnk 24-6-2006 8:45 896 bytes Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165342.RDB 27-6-2006 14:34 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165343.LNK 27-6-2006 14:35 1.00 KB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165344.RDB 27-6-2006 14:35 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165345.lnk 27-6-2006 14:37 896 bytes Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165346.RDB 27-6-2006 14:37 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165347.LNK 27-6-2006 14:42 1.01 KB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165348.dll 27-6-2006 13:43 340.97 KB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165349.RDB 27-6-2006 14:42 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165350.lnk 27-6-2006 14:44 896 bytes Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165351.RDB 27-6-2006 14:44 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165352.RDB 27-6-2006 14:45 2.94 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165353.RDB 27-6-2006 14:45 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165354.RDB 27-6-2006 14:48 2.94 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165355.RDB 27-6-2006 14:48 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165356.RDB 27-6-2006 14:50 2.94 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165357.RDB 27-6-2006 14:50 2.95 MB Hidden from Windows API.
  C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP760\A0165358.RDB 27-6-2006 14:52 2.94 MB Hidden from Windows API.
  C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 26-5-2006 7:08 252.00 KB Visible in Windows API, but not in MFT or directory index.
  C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 26-5-2006 7:08 111.50 KB Visible in Windows API, but not in MFT or directory index.
 • Just have a good look. :-?
 • (Local Settings\Temp\Cookies
  Local Settings\Temp\Temporary Internet Files\Content.IE5
  C:\RECYCLER\NPROTECT
  C:\System Volume Information\_restore)

  Do the following to give things a thorough clean-up.


  Empty your temp folders (
 • Try pasting it into the site www.hijack.de
 • Sorry, www.hijackthis.de
 • Every so often someone comes along with the analyser as if it were the egg of Columbus. You really must see it only as an "aid", because it also often reports "no file", for example, when that is wrong, and it flags legitimate items as "nasty" and vice versa. I wouldn't want to rely on it blindly. And if it does find items that are "nasty", what are you going to do about them? Recognising an infection is one thing; knowing what to do about it is something else entirely.
 • I see it as an aid too, like all the little programs for keeping your computer clean. I just think every little bit helps; in an emergency you can still use System Restore. Regards,
  René
 • HijackThis is not something to joke and fool around with

  you can completely wreck your system with it


This is an archived page. Replying is no longer possible.