Question & Answer

Security & privacy

Spyware (+ HijackThis log)

Anonymous
31 answers
  • Deckard's System Scanner v20070426.43
    Run by Admin on 2007-05-25 at 12:47:55
    Computer is in Normal Mode.
    ——————————————————————————–

    – System Restore ————————————————————–

    Successfully created a Deckard's System Scanner Restore Point.


    – Last 5 Restore Point(s) –
    86: 2007-05-25 10:48:00 UTC - RP353 - Deckard's System Scanner Restore Point
    85: 2007-05-23 17:03:14 UTC - RP352 - Installed Sophos Anti-Virus
    84: 2007-05-23 17:02:38 UTC - RP351 - Installed Sophos Anti-Virus
    83: 2007-05-23 17:01:47 UTC - RP350 - Installed Sophos Anti-Virus
    82: 2007-05-23 14:38:24 UTC - RP349 - Software Distribution Service 2.0


    – First Restore Point –
    1: 2007-02-23 12:44:11 UTC - RP268 - Controlepunt van systeem


    Backed up registry hives.

    Performed disk cleanup.


    – HijackThis (run as Admin.exe) ———————————————–

    Logfile of HijackThis v1.99.1
    Scan saved at 12:48:48, on 25-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\@Home veiligheid\Antivirus\sweepsrv.sys
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Admin\Bureaublad\dss.exe
    C:\PROGRA~1\HIJACK~1\Admin.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\WatchDog\watchdog.exe /.
    O4 - HKLM\..\Run: [Preventon RealTime Antivirus] C:\Program Files\@Home veiligheid\AntiVirus\AVRealTime.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunServices: [WatchDog] C:\Program Files\WatchDog\watchdog.exe /.
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: Xfire.lnk = C:\Spellen\Xfire\Xfire.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
    O17 - HKLM\System\CS3\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: sweepsrv.sys - Sophos Plc - C:\Program Files\@Home veiligheid\Antivirus\sweepsrv.sys
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    – File Associations ———————————————————–

    All associations okay.


    – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ———————

    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 SSI - c:\windows\system32\drivers\ssi.sys <Not Verified; Webroot Software (www.webroot.com); SpySweeper>
    R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel(R) Active Monitor>
    R3 InterCheck Control - c:\program files\@home veiligheid\antivirus\icntdrv5.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Filter - c:\program files\@home veiligheid\antivirus\icntflt5.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 01 - c:\program files\@home veiligheid\antivirus\icntst01.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 02 - c:\program files\@home veiligheid\antivirus\icntst02.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 03 - c:\program files\@home veiligheid\antivirus\icntst03.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 04 - c:\program files\@home veiligheid\antivirus\icntst04.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 05 - c:\program files\@home veiligheid\antivirus\icntst05.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 06 - c:\program files\@home veiligheid\antivirus\icntst06.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 07 - c:\program files\@home veiligheid\antivirus\icntst07.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 08 - c:\program files\@home veiligheid\antivirus\icntst08.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 09 - c:\program files\@home veiligheid\antivirus\icntst09.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 10 - c:\program files\@home veiligheid\antivirus\icntst10.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 11 - c:\program files\@home veiligheid\antivirus\icntst11.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 InterCheck Support 12 - c:\program files\@home veiligheid\antivirus\icntst12.sys <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
    R3 smbusp (Intel(R) SMBus 2.0 Driver) - c:\windows\system32\drivers\intelsmb.sys <Not Verified; Intel Corporation; Intel(R) SMBus Controller>

    S1 ikhlayer (Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhlayer.sys (file missing)
    S3 MEMSWEEP2 - c:\windows\system32\82.tmp (file missing)
    S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>


    – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ——————–

    R2 sweepsrv.sys - "c:\program files\@home veiligheid\antivirus\sweepsrv.sys" <Not Verified; Sophos Plc; Sophos Anti-Virus>


    – Scheduled Tasks ————————————————————-

    2007-05-24 22:00:01 264 --ah----- C:\WINDOWS\Tasks\A8E644929119F74A.job


    – Files created between 2007-04-25 and 2007-05-25 —————————–

    2007-05-24 20:01:26 0 d-------- C:\Documents and Settings\Admin\Application Data\BearShare
    2007-05-24 15:46:56 0 d-------- C:\Documents and Settings\Admin\DoctorWeb
    2007-05-23 18:59:34 0 d-------- C:\Program Files\Sophos Anti Virus
    2007-05-22 21:26:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2007-05-22 21:26:07 0 d-------- C:\Documents and Settings\LocalService\Bureaublad
    2007-05-20 17:36:03 0 d-------- C:\Program Files\BearShare Applications
    2007-05-19 14:37:55 0 d-------- C:\Documents and Settings\Admin\Application Data\vlc
    2007-05-12 11:59:58 0 d-------- C:\Program Files\SpywareBlaster
    2007-05-05 14:54:10 0 d-------- C:\Documents and Settings\Admin\Application Data\NeroDCTemplates
    2007-04-29 16:35:31 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2007-04-29 16:35:31 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2007-04-29 16:35:31 0 d-------- C:\Program Files\OpenAL
    2007-04-29 12:34:37 0 d-------- C:\Documents and Settings\Admin\Application Data\Gearbox Software
    2007-04-28 13:33:02 0 d-------- C:\Program Files\Music Machine
    2007-04-28 12:10:30 69632 --a------ C:\WINDOWS\system32\xmltok.dll
    2007-04-28 12:10:30 36864 --a------ C:\WINDOWS\system32\xmlparse.dll
    2007-04-28 12:10:30 0 d-------- C:\Program Files\Ubisoft
    2007-04-28 10:24:44 298496 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>


    – Find3M Report —————————————————————

    2007-05-25 12:47:36 0 d-------- C:\Documents and Settings\Admin\Application Data\Xfire
    2007-05-24 22:13:54 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
    2007-05-24 20:34:20 0 d-------- C:\Documents and Settings\Admin\Application Data\teamspeak2
    2007-05-23 18:43:02 0 d-------- C:\Program Files\Hitman Pro
    2007-05-20 12:25:03 0 d-------- C:\Program Files\@Home veiligheid
    2007-05-13 11:40:47 60 -rahs---- C:\MSDOS.SYS
    2007-04-29 11:32:01 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-04-27 21:04:48 0 d-------- C:\Program Files\Electronic Arts
    2007-04-13 16:13:55 0 d-------- C:\Documents and Settings\Admin\Application Data\Command & Conquer 3 Tiberium Wars
    2007-04-12 17:35:55 0 d-------- C:\Program Files\Common Files\EasyInfo
    2007-04-07 18:27:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-04-07 12:19:05 0 d-------- C:\Program Files\Common Files\LogiShrd
    2007-04-06 12:32:17 0 d-------- C:\Program Files\Logitech
    2007-04-03 18:07:45 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-03-25 11:09:07 465926 --a------ C:\WINDOWS\system32\perfh013.dat
    2007-03-25 11:09:07 81380 --a------ C:\WINDOWS\system32\perfc013.dat
    2007-03-17 17:33:45 1466 --a------ C:\WINDOWS\eReg.dat
    2007-03-08 17:37:53 22720 --a------ C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT


    – Registry Dump —————————————————————

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
    "AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
    "WatchDog"="C:\\Program Files\\WatchDog\\watchdog.exe /."
    "Preventon RealTime Antivirus"="C:\\Program Files\\@Home veiligheid\\AntiVirus\\AVRealTime.exe"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
    "LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
    "LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WatchDog"="C:\\Program Files\\WatchDog\\watchdog.exe /."

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "Spyware Doctor"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=dword:00000000
    "NoDispBackgroundPage"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispSettingsPage"=dword:00000000
    "NoDispCPL"=dword:00000000
    "DisableCMD"=dword:00000000
    "DisableLockWorkstation"=dword:00000000
    "DisableChangePassword"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"=dword:00000000
    "NoCommonGroups"=dword:00000000
    "NoLogOff"=dword:00000000
    "NoStartMenuSubFolders"=dword:00000000
    "NoSetTaskBar"=dword:00000000
    "NoSetFolders"=dword:00000000
    "NoRecentDocsMenu"=dword:00000000
    "NoSMHelp"=dword:00000000
    "NoNetworkConnections"=dword:00000000
    "NoSMMyDocs"=dword:00000000
    "NoSetActiveDesktop"=dword:00000000
    "NoActiveDesktopChanges"=dword:00000000
    "NoSaveSettings"=dword:00000000
    "NoClose"=dword:00000000
    "NoNetConnectDisconnect"=dword:00000000
    "NoTrayContextMenu"=dword:00000000
    "NoViewContextMenu"=dword:00000000
    "NoWinKeys"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2 Up File Flag]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="knobnew"
    "hkey"="HKLM"
    "command"="C:\\Documents and Settings\\All Users\\Application Data\\Global seek 2 up\\knobnew.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apdproxy"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bittorrent"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Build cdrom]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="idle grid"
    "hkey"="HKCU"
    "command"="C:\\DOCUME~1\\Admin\\APPLIC~1\\INSIDE~1\\idle grid.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NBJ"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvCpl"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvMcTray"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwiz"
    "hkey"="HKLM"
    "command"="nwiz.exe /install"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qsjklxbg"
    "hkey"="HKLM"
    "command"="rundll32.exe \"C:\\WINDOWS\\system32\\qsjklxbg.dll\",realset"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Steam"
    "hkey"="HKCU"
    "command"="\"C:\\Spellen\\Counterstrike Source\\Steam.exe\" -silent"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="watchdog"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\WatchDog\\watchdog.exe /."
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Save"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Save\\Save.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
    Shell\AutoRun\command D:\launcher.exe


    – End of Deckard's System Scanner: finished at 2007-05-25 at 12:50:01 ———
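The HijackThis section of the log above is the part a helper reads first. As an added illustration, not code from this thread or from HijackThis itself, here is a small Python parser for that line format with a few defender-side triage heuristics: it groups O4 autorun entries by the binary they start, flags a binary registered in more than one autorun location (as zlclient.exe, watchdog.exe and qttask.exe are in the log above), and lists legacy RunServices entries, Winlogon Notify DLLs and O17 name servers for review. The sample input is a handful of lines copied from the log above; the heuristics are choices made for this example, not HijackThis rules.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\WatchDog\watchdog.exe /.
O4 - HKLM\..\RunServices: [WatchDog] C:\Program Files\WatchDog\watchdog.exe /.
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C64622A-E521-4E3C-BB5A-A704DC61E04A}: NameServer = 213.51.144.37,213.51.128.37
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# HijackThis prefixes every finding with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# O4 autorun lines: <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)$")
# First module on the command line, quoted or not (handles unquoted paths with spaces).
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|sys|ocx|cpl|scr))"?', re.IGNORECASE)


def executable_path(command):
    """Return the binary an autorun command starts, without quotes or arguments."""
    m = EXE_RE.match(command.strip())
    return m.group("path") if m else command.strip()


def parse_hijackthis(text):
    """Turn HijackThis lines into dicts; O4 and O17 lines get extra structured fields."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # process list, headers and blank lines are skipped
        code, body = m.group("code"), m.group("body")
        entry = {"code": code, "body": body}
        if code == "O4":
            m4 = O4_RE.match(body)
            if m4:  # "Startup:" / "Global Startup:" folder items do not match and stay raw
                entry.update(hive=m4["hive"], key=m4["key"], name=m4["name"],
                             command=m4["cmd"], path=executable_path(m4["cmd"]))
        elif code == "O17":
            m17 = O17_RE.search(body)
            if m17:
                entry["nameservers"] = m17["servers"].split(",")
        elif code in ("O2", "O9", "O18", "O20", "O23"):
            entry["path"] = body.rsplit(" - ", 1)[-1]  # the last field is the module path
        entries.append(entry)
    return entries


def triage(entries):
    """Defender-side heuristics; returns (kind, detail) pairs for a human to review."""
    findings = []
    by_path = defaultdict(list)
    for e in entries:
        if e["code"] == "O4" and "path" in e:
            by_path[e["path"].lower()].append(f'{e["hive"]}\\{e["key"]} [{e["name"]}]')
    for path, locations in sorted(by_path.items()):
        if len(locations) > 1:
            findings.append(("duplicate-autorun", f"{path} via " + "; ".join(locations)))
    for e in entries:
        if e["code"] == "O4" and e.get("key") == "RunServices":
            findings.append(("runservices", f'[{e["name"]}] {e["path"]}'))
        elif e["code"] == "O20":
            findings.append(("winlogon-notify", e["path"]))
        elif e["code"] == "O17":
            findings.append(("dns", ", ".join(e["nameservers"]) + " (confirm these are the ISP's resolvers)"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"{kind:18} {detail}")
```

Duplicate registrations are usually leftovers of reinstalls rather than anything hostile, but listing every place a binary is started from, plus the logon-time DLLs and the resolvers the box uses, is what a "your log is clean" verdict rests on.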
  • Looks good to me, any problems left?
  • When I turned on my PC this afternoon, my virus scanner reported a virus again…

    mal|swizzor-A

    I haven't been able to find much about this virus on the internet, but I do know that it infects the same files as that trojan.virtumod. Can it be removed in the same way, or does that need a different method?
  • Download and install Superantispyware
    - Start Superantispyware and click the "check for updates" button.
    - After updating, click the "scan your computer" button.
    - Tick "Perform Complete Scan" and then click "next".
    - Superantispyware will scan your computer. Afterwards it will show a list of everything that was found.
    - Tick everything that was found and click "next".
    - Click "finish" to return to the main window.
    - Click "Preferences" and then the "statistics/logs" tab. Click the dated log and select "view log".
    - This will open the log. I will need it afterwards.
    - Then restart your PC. Important.
  • I ran the scan and here is the log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/25/2007 at 05:34 PM

    Application Version : 3.8.1002

    Core Rules Database Version : 3244
    Trace Rules Database Version: 1255

    Scan type : Complete Scan
    Total Scan Time : 00:51:10

    Memory items scanned : 486
    Memory threats detected : 0
    Registry items scanned : 5137
    Registry threats detected : 0
    File items scanned : 39964
    File threats detected : 24

    Adware.Tracking Cookie
    C:\Documents and Settings\Admin\Cookies\admin@ads.adbrite[1].txt
    C:\Documents and Settings\Admin\Cookies\admin@adbrite[1].txt
    C:\Documents and Settings\Admin\Cookies\admin@nl.sitestat[1].txt
    C:\Documents and Settings\Admin\Cookies\admin@ad1.clickhype[1].txt
    C:\Documents and Settings\Admin\Cookies\admin@stat.onestat[2].txt
    C:\Documents and Settings\Admin\Cookies\admin@adecn[1].txt
    C:\Documents and Settings\Admin\Cookies\admin@cpvfeed[2].txt
    C:\Documents and Settings\Admin\Cookies\admin@4.adbrite[2].txt
    C:\Documents and Settings\Admin\Cookies\admin@divx.adbureau[2].txt
    C:\Documents and Settings\Admin\Cookies\admin@adserver.adreactor[1].txt
    C:\Documents and Settings\Gast\Cookies\gast@ad.zanox[2].txt
    C:\Documents and Settings\Gast\Cookies\gast@ad1.clickhype[1].txt
    C:\Documents and Settings\Gast\Cookies\gast@ads.realtechnetwork[1].txt
    C:\Documents and Settings\Gast\Cookies\gast@darknova5.tripod[2].txt
    C:\Documents and Settings\Gast\Cookies\gast@m1.webstats4u[2].txt
    C:\Documents and Settings\Gast\Cookies\gast@stats.ilsemedia[2].txt
    C:\Documents and Settings\Gast\Cookies\gast@xiti[1].txt
    C:\Documents and Settings\J. M van Gastel\Cookies\j. m van gastel@data3.perf.overture[1].txt
    C:\Documents and Settings\J. M van Gastel\Cookies\j._m_van_gastel@ad.zanox[1].txt
    C:\Documents and Settings\J. M van Gastel\Cookies\j._m_van_gastel@cpvfeed[2].txt
    C:\Documents and Settings\J. M van Gastel\Cookies\j._m_van_gastel@stats.ilsemedia[1].txt

    Adware.WhenU
    C:\DOCUMENTS AND SETTINGS\ADMIN\DOCTORWEB\QUARANTINE\A0113032.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{78662271-AE52-4BDA-AE35-D10CE5C867E0}\RP337\A0113036.EXE

    BearShare File Sharing Client
    C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE
  • Your log is clean; which scanner reported that?
  • Well, try that again; it was already offered on page 1.

    To prevent reinfection via System Restore, it is advisable to remove the existing restore points by temporarily disabling System Restore.


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go back to Start/All Programs/Accessories/System Tools/System Restore.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick in front of "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

    Here are some more tips.
  • My System Restore doesn't respond when I click "change settings"; I don't know why.
  • Go to Start > Run and type:

    regsvr32 urlmon.dll

    regsvr32 jscript.dll

    regsvr32 wshom.ocx

    (press Enter after each line)

    As for your System Restore, let's see what the following may reveal:

    Go to Start > Run and copy and paste the following into it:

    regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"

    Look on your C: drive and post the contents of look.txt

    Good luck
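The disable/re-enable procedure a few posts up and the regedit export requested here both come down to the same registry key: turning System Restore off and on is what the DisableSR value under that key reflects, and `regedit /e` writes that key out as a .reg file. As an added example, not from this thread or from any tool it mentions, here is a Python reader for such an export that decodes the UTF-16 file regedit produces, parses keys and dword/string/hex values, and summarises what the export says about System Restore. The value names DisableSR, RPGlobalInterval, RPLifeInterval, DiskPercent and CreateFirstRunRp are real Windows XP values, and DisableConfig under the Policies key is the Group Policy setting that locks the System Restore settings page; the sample numbers below are constructed, and the Policies key is included only to show that extra check, since the helper's command exports just the CurrentVersion key.

```python
import codecs

# Constructed sample: roughly what a `regedit /e` export of the System Restore key looks
# like. The numbers are made up for this example, and the Policies key is added to show
# the extra check; the thread above only exported the CurrentVersion key.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n"
    "\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore]\r\n"
    '"DisableSR"=dword:00000000\r\n'
    '"RPGlobalInterval"=dword:00015180\r\n'
    '"RPLifeInterval"=dword:0076a700\r\n'
    '"DiskPercent"=dword:0000000c\r\n'
    '"CreateFirstRunRp"=dword:00000001\r\n'
    "\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore]\r\n"
    '"DisableConfig"=dword:00000001\r\n'
).encode("utf-16")  # regedit /e writes UTF-16 with a byte-order mark

SR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
SR_POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"


def decode_export(data):
    """regedit /e writes UTF-16 with a BOM; the older REGEDIT4 format (/ea) is ANSI."""
    if data[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
        return data.decode("utf-16")
    return data.decode("cp1252")


def parse_value(raw):
    """Decode the right-hand side of a .reg line: dword, quoted string or hex bytes."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("hex"):  # hex:, hex(2):, hex(7): ...
        body = raw.split(":", 1)[1]
        return bytes(int(b, 16) for b in body.split(",") if b.strip())
    return raw


def parse_reg_export(data):
    """Parse a .reg export into {key path: {value name: value}}."""
    keys, current, pending = {}, None, ""
    for line in decode_export(data).splitlines():
        line = pending + line.strip()
        pending = ""
        if not line or line.startswith((";", "Windows Registry Editor", "REGEDIT4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if line.endswith("\\"):  # hex values wrap onto continuation lines
            pending = line[:-1]
            continue
        name, _, value = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if current is not None:
            keys[current][name] = parse_value(value)
    return keys


def system_restore_status(keys):
    """Summarise what an export says about System Restore (key names compared case-insensitively)."""
    lookup = {k.lower(): v for k, v in keys.items()}
    sr = lookup.get(SR_KEY.lower(), {})
    policy = lookup.get(SR_POLICY_KEY.lower(), {})
    return {
        "exported": SR_KEY.lower() in lookup,
        "disabled": bool(sr.get("DisableSR", 0)),
        "policy_disables_sr": bool(policy.get("DisableSR", 0)),
        "policy_locks_settings_page": bool(policy.get("DisableConfig", 0)),
        "rp_global_interval_hours": sr.get("RPGlobalInterval", 0) / 3600,
        "rp_life_interval_days": sr.get("RPLifeInterval", 0) / 86400,
    }


if __name__ == "__main__":
    for field, value in system_restore_status(parse_reg_export(SAMPLE_EXPORT)).items():
        print(f"{field:28} {value}")
```

If `exported` comes back false the key was not in the file at all, which is the first thing to check when look.txt cannot be found or is empty; a `policy_locks_settings_page` of true would explain a System Restore settings page that does not react, and that is set by Group Policy rather than by the System Restore dialog itself.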
  • I ran it, but I can't find any look.txt, not even when I use search.

    What I also find strange is that while I'm scanning it says I have a virus, but so far I haven't been able to remove a swizzor-A with SUPERAntiSpyware.

    Could it work if I delete the files manually?
  • Search for it and give the path to it, and post the file here that you think is the virus.

This is an archived page. Replying is no longer possible.