Question & Answer

Security & privacy

HijackThis log check

Anonymous
Andre.R
6 answers
  • I recently got a link from someone via MSN; smart as I am, I didn't open anything at all, because I saw that the extension was odd and had already figured out that it was a joke or a virus.

    Later that evening I had to turn Norton off for a moment for a certain task, and that's when it happened. In no time my always squeaky-clean PC was completely infected.

    I've already removed quite a lot, but there is still something in my HijackThis log, if I'm not mistaken. Would you be willing to take a look at it?

    Logfile of HijackThis v1.99.1
    Scan saved at 20:25:30, on 18-9-2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    F:\Sound Blaster Audigy 4\DVDAudio\CTDVDDET.EXE
    F:\Sound Blaster Audigy 4\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Razer Copperhead\razerhid.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    F:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\System32\ctfmon.exe
    F:\Multi Talen Woordenboek\TrueTerm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\Razer Copperhead\razertra.exe
    F:\Razer Copperhead\razerofa.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    F:\FREEDO~1\fdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    F:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTDVDDET] "F:\Sound Blaster Audigy 4\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] F:\Sound Blaster Audigy 4\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Copperhead] F:\Razer Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [LaunchList] F:\Pinnacle Studio 9\LaunchList.exe
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [rib98f99] RUNDLL32.EXE w04f05eb.dll,n 00498f950000000a04f05eb
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_e7.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = F:\Adobe Reader\Reader\reader_sl.exe
    O4 - Global Startup: Multi talen Woordenboek takenbalk.lnk = ?
    O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://F:\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://F:\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Java\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
    O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\r28s0cl7efq.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - F:\Norton Internet Security 2005\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Thanks in advance.
  • Close all open windows, run HijackThis again and tick the following items:

    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [rib98f99] RUNDLL32.EXE w04f05eb.dll,n 00498f950000000a04f05eb
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    Then click "Fix checked" and close HijackThis.

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a Y to start the cleaning process.
    Follow the instructions on the screen.
    When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.
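
A check that can be run once both logs are available, as an added example (not part of the thread and not a HijackThis feature): it parses the entry lines of a "before" and an "after" log, compares them case-insensitively (the second log in this thread writes C:\windows in lower case), and reports whether the ticked items are gone and which other entries disappeared. The function names are hypothetical; the sample lines are copied from the logs on this page.

```python
import re

# Constructed sample: a handful of entries copied from the two HijackThis
# logs posted in this thread (before and after the fix).
BEFORE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [rib98f99] RUNDLL32.EXE w04f05eb.dll,n 00498f950000000a04f05eb
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e7.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\r28s0cl7efq.dll
"""

AFTER_LOG = r"""
Running processes:
C:\windows\System32\ctfmon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
"""

# The items the helper asked to tick before pressing "Fix checked".
SELECTED = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [rib98f99] RUNDLL32.EXE w04f05eb.dll,n 00498f950000000a04f05eb
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""

# An entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFN]\d|O\d{1,2})\s+-\s+(.+?)\s*$")


def normalize(code, body):
    """Comparison key: collapse whitespace and ignore case, because Windows
    paths are case-insensitive and the two logs differ in case."""
    return code + " - " + " ".join(body.split()).casefold()


def parse_entries(text):
    """Map comparison key -> original entry line for every entry in a log."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.setdefault(normalize(*match.groups()), line.strip())
    return entries


def verify_fix(before_text, after_text, selected_text):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    selected = parse_entries(selected_text)
    return {
        # ticked items that survived the fix (or came back after a reboot)
        "still_present": sorted(after[k] for k in selected if k in after),
        # ticked items that are gone from the new log
        "fixed": sorted(v for k, v in selected.items()
                        if k in before and k not in after),
        # ticked items that were never in the first log (typo in the list?)
        "unknown": sorted(v for k, v in selected.items() if k not in before),
        # entries that disappeared although nobody ticked them,
        # e.g. removed by another cleanup tool run in between
        "also_removed": sorted(v for k, v in before.items()
                               if k not in after and k not in selected),
        # entries that only exist in the new log
        "new": sorted(v for k, v in after.items() if k not in before),
    }


if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG, SELECTED)
    for section, lines in report.items():
        print(f"{section} ({len(lines)})")
        for entry in lines:
            print("   ", entry)
```

Entries reported under `still_present` or `new` are the ones to raise in the next reply; `also_removed` only records what changed and says nothing about why.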
  • Thanks for your reply, here are both logs:

    Michiel R - 06-09-19 9:48:20,87 Service Pack 1
    ComboFix 06.09.14 - Running from: C:\Documents and Settings\Michiel R\Bureaublad

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\CLSID\{EFDE77C9-E12C-4420-A7C1-105B789D8592}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EFDE77C9-E12C-4420-A7C1-105B789D8592}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EFDE77C9-E12C-4420-A7C1-105B789D8592}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EFDE77C9-E12C-4420-A7C1-105B789D8592}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ueib.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{16519921-B52C-4862-B05B-17AED57301C1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{16519921-B52C-4862-B05B-17AED57301C1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{16519921-B52C-4862-B05B-17AED57301C1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{16519921-B52C-4862-B05B-17AED57301C1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\xI64vfw.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{7A7FD847-D4FD-4355-AC1E-1DC90814AC09}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7A7FD847-D4FD-4355-AC1E-1DC90814AC09}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7A7FD847-D4FD-4355-AC1E-1DC90814AC09}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7A7FD847-D4FD-4355-AC1E-1DC90814AC09}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    FILES REMOVED:

    C:\WINDOWS\system32\eoentprf.dll
    C:\WINDOWS\system32\hrlm0531e.dll
    C:\WINDOWS\system32\mwdtclog.dll
    C:\WINDOWS\system32\guard.tmp


    Granting sedebugprivilege to Administrators ... successful


    ((((((((((((((((((((((((((((((( Files Created from 2006-08-19 to 2006-09-19 ))))))))))))))))))))))))))))))))))


    2006-09-19 09:48 0 -rahs---- C:\MSDOS.SYS
    2006-09-19 09:48 0 -rahs---- C:\IO.SYS
    2006-09-18 19:07 45,056 --a------ C:\WINDOWS\system32\CSvidcap.dll
    2006-09-18 19:07 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
    2006-08-25 19:32 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
    2006-08-25 19:32 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
    2006-08-25 19:32 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
    2006-08-21 18:55 90,112 --a------ C:\WINDOWS\unvise32.exe
    2006-08-21 18:55 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
    2006-08-21 18:55 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
    2006-08-21 18:55 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
    2006-08-21 18:55 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
    2006-08-21 18:55 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
    2006-08-21 18:55 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
    2006-08-21 18:55 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
    2006-08-21 18:55 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
    2006-08-21 18:55 40,960 --------- C:\WINDOWS\system32\langserv.dll
    2006-08-21 18:55 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
    2006-08-21 18:55 32,838 --------- C:\WINDOWS\system32\Cachex.dll
    2006-08-21 18:55 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
    2006-08-21 18:55 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
    2006-08-21 18:55 294,912 --------- C:\WINDOWS\system32\pvmjpg21.dll
    2006-08-21 18:55 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
    2006-08-21 18:55 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
    2006-08-21 18:55 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
    2006-08-21 18:55 155,721 --------- C:\WINDOWS\system32\RALMain.dll
    2006-08-21 18:55 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
    2006-08-21 18:55 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
    2006-08-21 18:55 114,759 --------- C:\WINDOWS\system32\Aviprax.dll
    2006-08-21 18:55 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
    2006-08-21 18:54 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
    2006-08-21 18:54 19,456 --a------ C:\WINDOWS\system32\asapi.dll
    2006-08-21 18:53 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
    2006-08-21 18:53 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
    2006-08-21 18:53 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2006-08-21 18:53 61,440 --a------ C:\WINDOWS\system32\pclepim1.dll
    2006-08-21 18:53 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
    2006-08-21 18:53 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
    2006-08-21 18:53 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
    2006-08-21 18:53 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-18 21:49 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\Free Download Manager
    2006-09-18 21:49 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\Azureus
    2006-09-18 21:29 -------- d-------- C:\Program Files\Common Files
    2006-09-18 20:36 -------- d-------- C:\Program Files\VVSN
    2006-09-18 20:32 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-09-18 19:57 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\GlobalSCAPE
    2006-09-18 19:56 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-18 18:31 -------- d-------- C:\Program Files\MSN Messenger
    2006-09-15 17:10 849356 --a------ C:\Documents and Settings\Michiel R\Application Data\DVDSubEditLastFile.txt
    2006-09-15 17:10 830 --a------ C:\Documents and Settings\Michiel R\Application Data\DVDSubEdit.ini
    2006-09-14 16:34 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\Creative
    2006-09-11 21:00 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\Adobe
    2006-09-11 18:42 -------- d-------- C:\Program Files\Messenger
    2006-08-30 16:52 -------- d---s---- C:\Documents and Settings\Michiel R\Application Data\Microsoft
    2006-08-25 20:12 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\Samsung
    2006-08-21 20:32 -------- d-------- C:\Program Files\eDonkey2000
    2006-08-21 18:52 -------- d-------- C:\Program Files\Pinnacle
    2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
    2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
    2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
    2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
    2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
    2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
    2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
    2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
    2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
    2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
    2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
    2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
    2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
    2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2006-08-10 17:24 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\Syntrillium
    2006-08-04 17:16 -------- d-------- C:\Program Files\KSIGN
    2006-07-31 09:36 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\Skype
    2006-07-30 21:27 -------- d-------- C:\Program Files\Skype
    2006-07-30 17:38 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\Gearbox Software
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-07-26 16:53 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\Google
    2006-07-25 17:58 -------- d-------- C:\Documents and Settings\Michiel R\Application Data\AdobeUM
    2006-07-19 15:59 865 --a------ C:\Documents and Settings\Michiel R\Application Data\AdobeDLM.log
    2006-07-19 15:59 0 --a------ C:\Documents and Settings\Michiel R\Application Data\dm.ini
    2006-07-19 15:59 -------- d-------- C:\Program Files\Adobe
    2006-07-19 15:58 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-07-17 14:52 67072 --a------ C:\WINDOWS\system32\realbap1.dll
    2006-07-08 10:29 737280 --a------ C:\WINDOWS\iun6002.exe
    2006-06-25 00:40 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-06-24 23:47 62 --ahs---- C:\Documents and Settings\Michiel R\Application Data\desktop.ini


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\windows\\System32\\ctfmon.exe"
    "Steam"=""
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "CTDVDDET"="\"F:\\Sound Blaster Audigy 4\\DVDAudio\\CTDVDDET.EXE\""
    "CTSysVol"="F:\\Sound Blaster Audigy 4\\Surround Mixer\\CTSysVol.exe /r"
    "AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "QuickTime Task"="\"F:\\K-Lite Codec Pack\\QuickTime\\qttask.exe\" -atboottime"
    "Copperhead"="F:\\Razer Copperhead\\razerhid.exe"
    "PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
    "CTHelper"="CTHELPER.EXE"
    "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LaunchList]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LaunchList"
    "hkey"="HKLM"
    "command"="F:\\Pinnacle Studio 9\\LaunchList.exe"
    "inimapping"="0"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20060919-094728-413
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
    backup-20060919-094728-100
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
    backup-20060919-094728-705
    O4 - HKLM\..\Run: [rib98f99] RUNDLL32.EXE w04f05eb.dll,n 00498f950000000a04f05eb
    backup-20060919-094728-925
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    backup-20060919-094728-696
    F2 - REG:system.ini: UserInit=userinit.exe
    backup-20060918-202047-955
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e7.exe
    backup-20060918-202047-997
    O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
    backup-20060918-202047-539
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    backup-20060918-202047-286
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_e7.exe
    backup-20060918-202047-820
    O4 - HKLM\..\Run: [explorer] H:\Proggies\Xinstall.exe
    backup-20060918-202047-788
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    backup-20060918-202047-183
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
    backup-20060918-202047-622
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

    Contents of the 'Scheduled Tasks' folder
    C:\windows\tasks\Norton AntiVirus - Scan my computer - Michiel R.job

    Completion time: Tue 19-09-2006 9:49:32.46
    ComboFix.txt

    ————————————————————————————-

    Logfile of HijackThis v1.99.1
    Scan saved at 9:51:37, on 19-9-2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\cscript.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    F:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    F:\Sound Blaster Audigy 4\DVDAudio\CTDVDDET.EXE
    F:\Sound Blaster Audigy 4\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\windows\System32\nvsvc32.exe
    F:\Razer Copperhead\razerhid.exe
    C:\windows\System32\RUNDLL32.EXE
    C:\windows\CTHELPER.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\windows\System32\ctfmon.exe
    F:\Multi Talen Woordenboek\TrueTerm.exe
    F:\Razer Copperhead\razertra.exe
    F:\Razer Copperhead\razerofa.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\windows\System32\wuauclt.exe
    C:\windows\System32\wuauclt.exe
    F:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTDVDDET] "F:\Sound Blaster Audigy 4\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] F:\Sound Blaster Audigy 4\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Copperhead] F:\Razer Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = F:\Adobe Reader\Reader\reader_sl.exe
    O4 - Global Startup: Multi talen Woordenboek takenbalk.lnk = ?
    O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://F:\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://F:\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Java\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
    O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - F:\Norton Internet Security 2005\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • Download and install Ewido Anti-Spyware 4.0.
    After installation, open Ewido Anti-Spyware 4.0:
    - Under 'Status', click 'Change state' next to 'Resident shield'. (This must be set to 'Inactive'.)
    - Under 'Update', click the 'Start update' button under 'Manual update'.
    - Under 'Scanner', go to the 'Settings' tab and change the following:
      * Under 'How to act?', click 'Recommended actions' and select 'Quarantine'.
      * Under 'Reports', select 'Automatically generate report after every scan' and clear the check mark for 'Only if threats were found'.
    - Close Ewido. Do not let it scan yet.

    Start the computer in safe mode. You can read how to do this here.
    Open Ewido Security Suite.
    - Click 'Scanner'.
    - Click 'Complete system scan'.
    Ewido will now scan your entire computer system.
    - When the scan has finished, click the 'Apply all Actions' button at the bottom.
    - When you get the message 'All actions have been applied', click the 'Save Report' button at the bottom. The scan report is now saved in the folder Program Files\ewido anti-spyware 4.0\Reports
    If you click the 'Save report as' button, you get the option to save the report in a different location (e.g. your desktop).
    - Close Ewido.

    Restart the computer in normal mode and post the Ewido report.
  • Sorry for the late reply. Here is the Ewido log:

    ———————————————————
    ewido anti-spyware - Scan Report
    ———————————————————

    + Created at: 20:29:29 21-9-2006

    + Scan result:



    C:\Program Files\Everest Poker\CStart.exe -> Adware.Casino : Cleaned with backup (quarantined).
    C:\Program Files\Everest Poker\Everest Poker.exe -> Adware.Casino : Cleaned with backup (quarantined).
    C:\Program Files\Everest Poker\cstart-tmp.exe -> Adware.Casino : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup (quarantined).
    C:\Documents and Settings\Michiel R\Cookies\michiel r@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).


    ::Report end
  • Are there any remaining problems?


This is an archived page. Replies are no longer possible.