Windows Firewall/Internet Connection Sharing service not…

juisterr
12 replies
  • Hello everyone,

    I got a virus on my computer a while ago. That happened because I had visited a crack site. Let me explain why before everyone says: it's your own fault.
    My brother had got a new laptop and had bought the game GTA San Andreas for it. I wanted to play this game on the family PC too, but you have to play it with the CD. So I installed the legal, purchased game on the PC and searched for a NO CD crack.
    So much for the history.
    The first link I tried turned out to contain a virus, and because of it I got an unbelievable number of pop-ups. That did not seem so bad to me, but in the meantime the virus has eaten into an immense number of my programs. I eventually managed to remove the virus and repaired many of the damaged programs. Actually all of them except Windows itself.
    The virus has eaten Windows Installer and has made the Windows Firewall/Internet Connection Sharing (ICS) service unavailable.
    Can this still be fixed without my having to reinstall Windows XP completely?
    If so, how?

    Many thanks in advance,
    regards, Daan
  • Hi RocX,

    Go to Start –> Run and type 'cmd' there (without the quotes).
    Then type Netsh firewall reset and press Enter.

    Now check whether that improves things with regard to the Windows Firewall.

    Do the same, but now type: sfc /scannow

    Report whether that helps.


    Good luck 8)
  • Download:
    Save the file to your desktop, then double-click it.
    The uninstaller of a rogue scanner may start; do not close it but let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    After that, post the log C:\RVAXO-results.log in your next
    message together with a new HijackThis log, please.
  • Okay juisterrr, I did what you said; here is the log I got.

    —————-RemoveVideoActiveXObject.exe first run————-

    Files found:

    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\cmd.com
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\tracert.com
    C:\WINDOWS\system32\ijkkj.bak1
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\svchosts.exe
    C:\Documents and Settings\Daan\FAVORI~1\Online Security Test.url

    Uninstallers Rogue scanners:

    IpWindows uninstaller found

    Folders Found:

    C:\Program Files\DriveCleaner 2006 Free
    C:\Program Files\ipwindows
    C:\WINDOWS\system32\nfomon
    C:\WINDOWS\system32\vidmon
    C:\Program Files\outlook
    C:\Program Files\Common Files\{362AD319-0958-1043-0127-03081602001f}
    C:\Program Files\Common Files\{962AD319-0957-1043-0127-03081602001f}
    C:\Program Files\Common Files\{962AD319-0958-1043-0127-03081602001f}
    C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}

    ————–RemoveVideoActiveXObject.exe last run—————

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:

  • Pim, I also tried what you said, only the first time I typed cmd it reported that it was not a valid win32 action; later I tried again and then it did work. Then I typed Netsh firewall reset and got the answer: Ok
    But there has been no improvement

    thanks anyway
  • Sorry Juisterr, I had forgotten the HijackThis log, here it comes

    Logfile of HijackThis v1.99.1
    Scan saved at 16:24:38, on 17-4-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\services.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    D:\Britta\Itunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\{962AD319-0957-1043-0127-03081602001f}\Update.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\MICROS~4\wcescomm.exe
    D:\Britta\Ipod\bin\iPodService.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PeDevice\PeDev.exe
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll (file missing)
    O2 - BHO: (no name) - {37E3AF32-30A3-6B76-A141-6BE34BE0AFCF} - C:\WINDOWS\system32\urukdh.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA49AA} - C:\Program Files\AdSponsorCL\AdSponsorCL.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {A6351249-8F84-D45F-DEA6-D528977A35C8} - C:\WINDOWS\system32\kxb.dll (file missing)
    O2 - BHO: (no name) - {BF10ECD2-7519-75BD-1CF4-74E29F707692} - C:\WINDOWS\system32\wfje.dll (file missing)
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{362AD~1\Bar888.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
    O2 - BHO: (no name) - {F89354B4-992D-98FB-290C-CF896C0331C7} - C:\WINDOWS\system32\dwooyzd.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Niels\Bureaublad\winstall.exe
    O4 - HKLM\..\Run: [AntiVerminsPro] C:\Program Files\AntiVerminsPro\AntiVerminsPro.exe /h
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [{962AD319-0958-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0958-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{962AD319-0957-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0957-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [{962AD319-0959-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
    O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
    O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" –force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
    O4 - Startup: Planet Internet ADSL.lnk = ?
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61FDBB75-DE3E-47E9-901B-159C52FD4507}: NameServer = 195.121.1.34 195.121.1.66
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\guard.tmp (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

  • Go to Control Panel >> Add or Remove Programs and remove the following from the list:
    WebHancer
    Bar888
    PEDEV
    DriveCleaner

    Download Combofix to your desktop.
    Do not do anything with it yet.

    Boot into safe mode, http://users.telenet.be/marcvn/spyware/1378056.htm


    Start HJT again and do a system scan only, tick the lines below, close all windows except HJT and click fix checked.

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Web Assistant - {04DCB78C-AB45-83AD-A86A-6DFB90277939} - C:\Program Files\psquery\psquery.dll
    O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll (file missing)
    O2 - BHO: (no name) - {37E3AF32-30A3-6B76-A141-6BE34BE0AFCF} - C:\WINDOWS\system32\urukdh.dll
    O2 - BHO: BandBHO Class - {6CA1C00B-90FC-4F3E-911F-95306ABA49AA} - C:\Program Files\AdSponsorCL\AdSponsorCL.dll
    O2 - BHO: (no name) - {A6351249-8F84-D45F-DEA6-D528977A35C8} - C:\WINDOWS\system32\kxb.dll (file missing)
    O2 - BHO: (no name) - {BF10ECD2-7519-75BD-1CF4-74E29F707692} - C:\WINDOWS\system32\wfje.dll (file missing)
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{362AD~1\Bar888.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
    O2 - BHO: (no name) - {F89354B4-992D-98FB-290C-CF896C0331C7} - C:\WINDOWS\system32\dwooyzd.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Niels\Bureaublad\winstall.exe
    O4 - HKLM\..\Run: [AntiVerminsPro] C:\Program Files\AntiVerminsPro\AntiVerminsPro.exe /h
    O4 - HKLM\..\Run: [{962AD319-0958-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0958-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [{962AD319-0957-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0957-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\guard.tmp (file missing)
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)

    Using Windows Explorer, look for the following files or folders and delete them if they are still present:
    C:\Program Files\psquery
    C:\WINDOWS\system32\urukdh.dll

    Run RemoveVideoActiveXObject.exe once more.

    After that

    Double-click Combofix.exe
    Follow the instructions, accept the disclaimer by typing "y" or "Y".
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.
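
Whether the entries on a fix list like the one above are really gone can be checked mechanically against a follow-up log. The Python below is an added example, not part of the original thread and not part of HijackThis; the function and class names are hypothetical, and the sample lines are a short excerpt of the logs posted in this thread.

```python
import re
from dataclasses import dataclass

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+?)\s*$", re.I)
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    code: str   # section code such as "O2", "O4", "F2"
    body: str   # everything after the " - " separator

    @property
    def key(self):
        """Identity of the entry, ignoring case, spacing and the scan-time
        "(file missing)" marker (the registry entry is the same either way)."""
        body = " ".join(self.body.lower().split())
        if body.endswith(MISSING):
            body = body[: -len(MISSING)].rstrip()
        return (self.code.upper(), body)


def parse_entries(text):
    """Return the entry lines of a log or fix list; header and
    running-process lines do not match the pattern and are skipped."""
    return [Entry(m.group(1).upper(), m.group(2))
            for m in map(ENTRY_RE.match, text.splitlines()) if m]


def verify_fix(fix_list_text, followup_log_text):
    """Split the fix list into entries still present in the follow-up
    log (persisted) and entries that no longer appear (cleared)."""
    after = {e.key for e in parse_entries(followup_log_text)}
    persisted, cleared = [], []
    for entry in parse_entries(fix_list_text):
        (persisted if entry.key in after else cleared).append(entry)
    return persisted, cleared


# Excerpt of the fix list posted in the thread (four of its lines).
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {37E3AF32-30A3-6B76-A141-6BE34BE0AFCF} - C:\WINDOWS\system32\urukdh.dll
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\guard.tmp (file missing)
"""

# Excerpt of the follow-up log dated 21-4-2007 in the thread.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

if __name__ == "__main__":
    persisted, cleared = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    for e in persisted:
        print("STILL PRESENT:", e.code, "-", e.body)
    for e in cleared:
        print("cleared:      ", e.code, "-", e.body)
```

An entry reported as still present means the fix did not take effect for that line and the step needs repeating, typically from safe mode as the instructions above say.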
  • Well Juisterr, I carried out the steps; only I could not delete the psquery folder and application, it was write-protected or something, and I could not find a few of the lines in HJT, but I think that causes no problems.

    Here is the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:12:42, on 21-4-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\services.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    D:\Britta\Itunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    D:\Britta\Ipod\bin\iPodService.exe
    C:\PROGRA~1\MICROS~4\wcescomm.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{962AD319-0959-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
    O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
    O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" –force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
    O4 - Startup: Planet Internet ADSL.lnk = ?
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61FDBB75-DE3E-47E9-901B-159C52FD4507}: NameServer = 195.121.1.34 195.121.1.66
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)


    And now the ComboFix log:

    [code:1:aced6c3452]
    05-02-2007 19:45 14336 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\{962AD~3\Update.exe.vir
    05-02-2007 19:45 7168 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\{962AD~3\system.dll.vir
    06-03-2007 17:59 34494 –a—— C:\Qoobox\Quarantine\C\Program Files\Outerinfo\outerinfo.ico.vir
    09-01-2007 16:39 48695 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\{362AD~1\toolbardll.lzma.vir
    10-01-2007 12:36 14336 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\{962AD~1\Update.exe.vir
    10-01-2007 12:36 7168 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\{962AD~1\system.dll.vir
    10-01-2007 12:36 911 –a—— C:\Qoobox\Quarantine\C\WINDOWS\system32\unsvchosts.lzma.vir
    10-01-2007 22:10 14336 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\{962AD~2\Update.exe.vir
    10-01-2007 22:10 7168 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\{962AD~2\system.dll.vir
    11-02-2007 15:39 1024 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon1920.dbd.vir
    11-02-2007 15:40 1675 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\arch\1001.dfn.vir
    12-01-2007 22:00 18031 –a—— C:\Qoobox\Quarantine\C\Program Files\Outerinfo\Terms.rtf.vir
    12-10-2005 16:22 382 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\pae_url.xml.vir
    17-04-2007 14:05 3832 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\vidmon\vidmon.inf.vir
    17-04-2007 16:00 6664 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon0104.dbd.vir
    17-04-2007 16:01 1024 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon2007.dbd.vir
    17-04-2007 16:07 1024 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon0204.ddx.vir
    17-04-2007 16:07 1024 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon0412.ddx.vir
    17-04-2007 16:07 1024 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon0504.ddx.vir
    17-04-2007 16:07 1024 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon0904.ddx.vir
    17-04-2007 16:07 1024 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon1215.dbd.vir
    17-04-2007 16:07 18528 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\keys.dat.vir
    17-04-2007 16:07 2048 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon0106.ddx.vir
    17-04-2007 16:07 512 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon0315.ddx.vir
    17-04-2007 16:07 512 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon1125.ddx.vir
    17-04-2007 16:07 512 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon1204.ddx.vir
    17-04-2007 16:07 512 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nfo\mon1909.ddx.vir
    19-03-2007 20:31 111896 –a—— C:\Qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
    19-03-2007 20:31 228864 –a—— C:\Qoobox\purity\C\WINDOWS\system32\FNTS~2\?explore.exe
    19-05-2005 19:55 36864 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\Downloader.exe.vir
    20-05-2005 11:12 45056 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\Preparation.dll.vir
    21-04-2007 10:15 10645 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\tmp\last_popup_content.html.vir
    21-04-2007 10:53 211 –a—— C:\Qoobox\Quarantine\C\Program Files\webHancer\Programs\whAgent.ini.vir
    21-04-2007 11:34 200 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\pae-options.xml.vir
    21-04-2007 11:34 233 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\statistic.xml.vir
    21-04-2007 11:34 29323 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\Domain.Watchlist.txt.vir
    21-04-2007 11:34 4801 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\search.watchlist.txt.vir
    21-04-2007 11:34 563 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\tmp\tmp.html.vir
    21-04-2007 11:34 62090 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\watchlist.xml.vir
    21-06-2006 19:07 0 –a—— C:\Qoobox\Quarantine\C\WINDOWS\keyboard1.dat.vir
    21-11-2006 16:57 141 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\communication.xml.vir
    21-12-2006 00:27 171520 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1122OinAdmin.exe.vir
    25-02-2007 12:52 48 –a—— C:\Qoobox\Quarantine\C\LSWMV.INI.vir
    26-01-2007 14:03 196 –a—— C:\Qoobox\Quarantine\C\DOCUME~1\Daan\BUREAU~1\Internet.lnk.vir
    27-01-2007 20:54 349228 –a—— C:\Qoobox\Quarantine\C\WINDOWS\services.exe.vir
    27-09-2005 14:59 57344 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe.vir
    28-12-2006 14:06 32177 –a—— C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1122OinUninstaller.exe.vir
    29-12-2005 13:14 159744 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\PeDev.exe.vir
    29-12-2005 13:14 45056 –a—— C:\Qoobox\Quarantine\C\Program Files\PeDevice\pedevPS.dll.vir


    Map PATH-lijst voor volume PROGRAMMAS
    Het volumenummer is 962A-D319
    C:\QOOBOX
    +—purity
    | \—C
    | +—DOCUME~1
    | | \—Daan
    | | +—APPLIC~1
    | | | +—APPATC~1
    | | | \—ICROSO~1
    | | \—MIJNDO~1
    | | +—SCURIT~1
    | | +—SKS~1
    | | +—SMANTE~1
    | | \—WNSXS~1
    | +—Program Files
    | | +—ASKS~1
    | | +—Common Files
    | | | +—APPATC~1
    | | | +—CROSOF~1
    | | | +—DOBE~1
    | | | +—MBOLS~1
    | | | +—PPATCH~1
    | | | +—RACLE~1
    | | | \—WNSXS~1
    | | +—SKS~1
    | | \—WNSXS~1
    | \—WINDOWS
    | +—DOBE~1
    | +—FNTS~1
    | +—MBOLS~1
    | +—SKS~1
    | +—SMBOLS~1
    | +—SSTEM~1
    | \—system32
    | +—FNTS~1
    | +—FNTS~2
    | | ?explore.exe
    | |
    | +—RACLE~1
    | \—WNSXS~1
    \—Quarantine
    +—C
    | | LSWMV.INI.vir
    | |
    | +—DOCUME~1
    | | +—ALLUSE~1
    | | | \—APPLIC~1
    | | | +—nfo
    | | | | | keys.dat.vir
    | | | | | mon0104.dbd.vir
    | | | | | mon0106.ddx.vir
    | | | | | mon0204.ddx.vir
    | | | | | mon0315.ddx.vir
    | | | | | mon0412.ddx.vir
    | | | | | mon0504.ddx.vir
    | | | | | mon0904.ddx.vir
    | | | | | mon1125.ddx.vir
    | | | | | mon1204.ddx.vir
    | | | | | mon1215.dbd.vir
    | | | | | mon1909.ddx.vir
    | | | | | mon1920.dbd.vir
    | | | | | mon2007.dbd.vir
    | | | | |
    | | | | \—arch
    | | | | 1001.dfn.vir
    | | | |
    | | | \—vidmon
    | | | vidmon.inf.vir
    | | |
    | | \—Daan
    | | \—BUREAU~1
    | | Internet.lnk.vir
    | |
    | +—Program Files
    | | +—Common Files
    | | | | Yazzle1122OinAdmin.exe.vir
    | | | | Yazzle1122OinUninstaller.exe.vir
    | | | |
    | | | +—Uninstall Information
    | | | | RemoveWebDP.exe.vir
    | | | |
    | | | +—{362AD~1
    | | | | toolbardll.lzma.vir
    | | | |
    | | | +—{962AD~1
    | | | | system.dll.vir
    | | | | Update.exe.vir
    | | | |
    | | | +—{962AD~2
    | | | | system.dll.vir
    | | | | Update.exe.vir
    | | | |
    | | | \—{962AD~3
    | | | system.dll.vir
    | | | Update.exe.vir
    | | |
    | | +—Outerinfo
    | | | OiUninstaller.exe.vir
    | | | outerinfo.ico.vir
    | | | Terms.rtf.vir
    | | |
    | | +—PeDevice
    | | | | communication.xml.vir
    | | | | Domain.Watchlist.txt.vir
    | | | | Downloader.exe.vir
    | | | | pae-options.xml.vir
    | | | | pae_url.xml.vir
    | | | | PeDev.exe.vir
    | | | | pedevPS.dll.vir
    | | | | Preparation.dll.vir
    | | | | search.watchlist.txt.vir
    | | | | statistic.xml.vir
    | | | | watchlist.xml.vir
    | | | |
    | | | \—tmp
    | | | last_popup_content.html.vir
    | | | tmp.html.vir
    | | |
    | | \—webHancer
    | | \—Programs
    | | whAgent.ini.vir
    | |
    | \—WINDOWS
    | | keyboard1.dat.vir
    | | services.exe.vir
    | |
    | \—system32
    | unsvchosts.lzma.vir
    |
    \—Registry_backups
    [/code:1:aced6c3452]


    Because of the virus I also had trouble with an annoying pop-up whenever I went to Google, but that is gone now too. Thanks already for that.

    Greetings, Daan

  • Yes, possibly, but you are not there yet; this was only the first push.

    If something does not work, just carry on with the rest.

    Download
    Adjustment for using Killbox:

    Download Pocket Killbox.
    Click [b:7b2c56dda2]Killbox.exe[/b:7b2c56dda2] to start the program.
    Use the mouse to select the files shown in bold below and press Ctrl+C to copy this list to the clipboard:
    [b:7b2c56dda2]
    C:\windows\system32\reginv.dll
    C:\windows\system32\fservice.exe
    C:\windows\system32\winkey.dll
    C:\windows\services.exe
    C:\windows\system\sservice.exe
    C:\windows\system32\wininv.dll
    [/b:7b2c56dda2]
    Go to [b:7b2c56dda2]Killbox[/b:7b2c56dda2], click the [b:7b2c56dda2]File menu[/b:7b2c56dda2] and then [b:7b2c56dda2]Paste from Clipboard[/b:7b2c56dda2].
    Next to the field [b:7b2c56dda2]Full Path of File to Delete[/b:7b2c56dda2], click the arrow to check that the files are listed there.
    Click the option [b:7b2c56dda2]Delete on Reboot[/b:7b2c56dda2].
    Then click the red button with the white 'X' to delete the files.
    Click [b:7b2c56dda2]Yes[/b:7b2c56dda2] when asked 'all files will be deleted on the next reboot'.
    Click [b:7b2c56dda2]Yes[/b:7b2c56dda2] once more to restart the computer.

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    [b:7b2c56dda2]
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    [/b:7b2c56dda2]
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose [b:7b2c56dda2]Tools[/b:7b2c56dda2] -> [b:7b2c56dda2]Folder Options…[/b:7b2c56dda2]
    Under [b:7b2c56dda2]View[/b:7b2c56dda2], check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following directories/files:
    C:\Program Files\PartyGaming\[b:7b2c56dda2]PartyPoker[/b:7b2c56dda2]\
    C:\WINDOWS\system32\[b:7b2c56dda2]fservice.exe[/b:7b2c56dda2]

    Restart and post a new HJT log, please.
  • Okay juisterr, all the changes have been carried out again. Do I now have to put the folder view settings back? And do you think that, once everything is done, I can simply use the whole service again, or do I still have to install something? I still have the XP Professional CD.

    Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:21:01, on 22-4-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    D:\Britta\Itunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
    C:\PROGRA~1\MICROS~4\wcescomm.exe
    D:\Britta\Ipod\bin\iPodService.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.jvo.nl/dagelijksrooster.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {31B1FD6C-67A0-6E73-F641-6BE34BEEFF9E} - C:\WINDOWS\system32\dvfawuvk.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Britta\Itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{962AD319-0959-1043-0127-03081602001f}] "C:\Program Files\Common Files\{962AD319-0959-1043-0127-03081602001f}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SmartBarXP] D:\Daan\Documenten\SmartBarXP\SmartBarXP.exe
    O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
    O4 - HKCU\..\Run: [BitTorrent] "D:\Daan\Documenten\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
    O4 - Startup: Planet Internet ADSL.lnk = ?
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168462717453
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61FDBB75-DE3E-47E9-901B-159C52FD4507}: NameServer = 195.121.1.34 195.121.1.66
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Britta\Ipod\bin\iPodService.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    [b:6f3c1bf4ca]
    O2 - BHO: (no name) - {31B1FD6C-67A0-6E73-F641-6BE34BEEFF9E} - C:\WINDOWS\system32\dvfawuvk.dll
    [/b:6f3c1bf4ca]
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose [b:6f3c1bf4ca]Tools[/b:6f3c1bf4ca] -> [b:6f3c1bf4ca]Folder Options…[/b:6f3c1bf4ca]
    Under [b:6f3c1bf4ca]View[/b:6f3c1bf4ca], check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following files:
    C:\WINDOWS\system32\[b:6f3c1bf4ca]dvfawuvk.dll[/b:6f3c1bf4ca]

    Download and install CCleaner
    (The CCleaner Yahoo Toolbar is not needed)

    Start CCleaner.
    CCleaner lets you configure what should be cleaned up.
    Now select only the following items:
    Internet Explorer:
    - Temporary Internet files
    System:
    - Empty Recycle Bin
    - Temporary files
    Now click [b:6f3c1bf4ca]Run Cleaner[/b:6f3c1bf4ca] (bottom right) in CCleaner.

    You can remove all the tools that were offered. Should something no longer work, you will have to reinstall it; you were quite heavily infected.
  • YESSS IT WORKS AGAIN!!!! UNBELIEVABLE, THANK YOU SO MUCH. IF I KNEW WHERE YOU LIVED I WOULD SEND YOU A HUGE BOUQUET OF FLOWERS!!!! REALLY, THANKS A LOT
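
The entries the helper asked to fix in the HijackThis logs above share a few recognisable shapes. As an added example (not part of the thread and not the helper's own method), this Python script parses HijackThis lines and marks entries matching three such shapes for manual review; the three rules are assumptions inferred from the selected entries, and the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31B1FD6C-67A0-6E73-F641-6BE34BEEFF9E} - C:\WINDOWS\system32\dvfawuvk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
"""


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2"
    body: str  # everything after "CODE - "


LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
GUID = r"\{[0-9A-Fa-f-]{36}\}"
BHO_RE = re.compile(rf"^BHO: (?P<name>.*?) - {GUID} - (?P<path>.+)$")
DPF_RE = re.compile(rf"^DPF: {GUID}(?: \((?P<name>.*)\))? - (?P<url>\S+)$")


def parse_log(text: str) -> List[Entry]:
    """Return the section entries; header, process list and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def rule_shell(e: Entry) -> Optional[str]:
    # Assumed rule: a Shell value that starts anything besides Explorer.exe.
    if e.code != "F2" or "Shell=" not in e.body:
        return None
    value = e.body.split("Shell=", 1)[1].strip()
    if value.lower() == "explorer.exe":
        return None
    return f"Shell starts something besides Explorer.exe: {value}"


def rule_bho(e: Entry) -> Optional[str]:
    # Assumed rule: an unnamed browser helper object whose DLL sits directly in system32.
    m = BHO_RE.match(e.body) if e.code == "O2" else None
    if not m:
        return None
    folder = m.group("path").rsplit("\\", 1)[0].lower()
    if m.group("name") == "(no name)" and folder.endswith("\\system32"):
        return "unnamed BHO loaded directly from system32"
    return None


def rule_dpf(e: Entry) -> Optional[str]:
    # Assumed rule: an ActiveX download entry whose source is an .exe instead of a .cab.
    m = DPF_RE.match(e.body) if e.code == "O16" else None
    if not m:
        return None
    target = m.group("url").split("?", 1)[0].lower()
    if target.endswith(".exe"):
        return "ActiveX download source is a bare .exe, not a .cab"
    return None


RULES = (rule_shell, rule_bho, rule_dpf)


def triage(text: str) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for entries that deserve a manual look."""
    findings = []
    for entry in parse_log(text):
        for rule in RULES:
            reason = rule(entry)
            if reason:
                findings.append((entry, reason))
                break
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"REVIEW {entry.code}: {reason}\n    {entry.body}")
```

A match is only a reason to look closer; the unnamed Spybot helper in the sample is left alone because its DLL lives in its own program folder.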

This is an archived page. Replying is no longer possible.