Question & Answer
PC messed up...
18 replies
- Delsimdialer removed, but it doesn't seem to have been removed completely. Maybe there's some extra junk on the PC that I don't know the details of.
Please help with this HijackThis log…
Logfile of HijackThis v1.97.7
Scan saved at 20:05:55, on 28-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\WinDV.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\CDSpeed.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Wireless\Client Manager\CMags.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\gebruiker\Bureaublad\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F0 - system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Client Manager.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
- You have a very old version of HijackThis.
Download HijackThis-setup to your Desktop.
Open HJTInstall and choose the location where you want to install HijackThis.
Then press Install; after a few seconds HijackThis will open automatically.
Now choose 'Do a system scan and save a logfile'.
A Notepad file with a log opens. Select all of this text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post.
Good luck! 8)
Pim
- Thanks in advance for the reply, here is the new log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:25, on 28-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\WinDV.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\CDSpeed.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Wireless\Client Manager\CMags.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Client Manager.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe
–
End of file - 8640 bytes
- I see several active virus scanners in your log. Multiple virus scanners will fight with each other and can lead to problems. I therefore advise you to uninstall Avast or Norman via Start -> Control Panel -> Add or Remove Programs.
Also remove the program Seekmo there.
If that has not been done yet, restart your PC.
Start HijackThis, choose 'Do a system scan only' and check the lines below, if still present:
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
Now close all open windows except HijackThis and click Fix Checked.
Delete the following file:
C:\Windows\WinDV.exe
And the following folder:
C:\Program Files\Seekmo
Download Deckard's System Scanner to your Desktop.
* Close all applications and windows.
* Double-click dss.exe to run it, and follow the prompts.
* When the scan is complete, a text file, main.txt, will open.
* Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.
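An added example, not part of the original post and not HijackThis's own logic: a small Python triage pass over HijackThis log lines that flags the structural anomalies among the entries selected above (an extra program in the Shell value, a hosts entry pinned to a non-loopback address, a BHO with no file). The rule set and function names are assumptions made for illustration, the O23 "Unknown owner directly in C:\WINDOWS" rule is an added heuristic, and the sample lines are copied from the log in this thread.

```python
import ipaddress
import re

# Constructed sample: entries copied from the HijackThis v2.0.2 log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\WinDV.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe
"""

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse(log_text):
    """Yield (section, body) per entry; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def check_shell(body):
    # F0/F2: the Shell value. Anything besides Explorer.exe is started at every logon.
    m = re.search(r"Shell=(.*)$", body, re.I)
    if not m:
        return None
    extra = re.sub(r"^explorer\.exe", "", m.group(1).strip(), flags=re.I).strip()
    return f"Shell starts an extra program: {extra}" if extra else None


def check_hosts(body):
    # O1: a hosts entry overrides DNS; loopback/0.0.0.0 entries are typical blocklists.
    m = re.match(r"Hosts: (\S+)\s+(\S+)", body)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    if addr.is_loopback or addr.is_unspecified:
        return None
    return f"{m.group(2)} is pinned to {addr}"


def check_missing_file(body):
    # O2/O3: the registration is still present but the DLL it names is gone.
    if body.rstrip().endswith("(no file)"):
        return "registered component has no file on disk"
    return None


def check_service(body):
    # O23 (added heuristic): unsigned service binary sitting directly in C:\WINDOWS.
    m = re.match(r"Service: (.+) - Unknown owner - (.+)$", body)
    if not m:
        return None
    path = m.group(2).strip()
    if re.fullmatch(r"[A-Za-z]:\\WINDOWS\\[^\\]+", path, flags=re.I):
        return f"service '{m.group(1)}' has no known owner and runs from the Windows root"
    return None


RULES = {
    "F0": [check_shell],
    "F2": [check_shell],
    "O1": [check_hosts],
    "O2": [check_missing_file],
    "O3": [check_missing_file],
    "O23": [check_service],
}


def triage(log_text):
    """Return [(section, reason, body)] for every entry that trips a rule."""
    findings = []
    for section, body in parse(log_text):
        for rule in RULES.get(section, ()):
            reason = rule(body)
            if reason:
                findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {body}")
```

These rules only catch anomalies in the structure of an entry; name-based picks such as the Seekmo O4 lines still need a reviewer who recognises the product.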
- I couldn't find Windv.exe. I had the PC searched, but it only found a windv.exe.pf in windows/prefetch or something. Should I delete that??
The rest all went smoothly. I ran the DSS scan, but that PC isn't connected to the internet for the evening, so DSS couldn't get online. Is that necessary? I could fix internet for that PC if need be, but I don't want to run the risk that the whole network ends up full of my colleague's junk.
Anyway, here is the DSS log:
Deckard's System Scanner v20070826.66
Run by gebruiker on 2007-08-28 21:34:36
Computer is in Normal Mode.
——————————————————————————–
– System Restore ————————————————————–
Successfully created a Deckard's System Scanner Restore Point.
– Last 2 Restore Point(s) –
2: 2007-08-28 19:34:42 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-08-27 18:20:41 UTC - RP1 - Controlepunt van systeem
Backed up registry hives.
Performed disk cleanup.
- Everything works fine again, except for one thing.
He wanted to put photos on his PC from one of those USB sticks, but his autorun no longer works. I'm not sure whether the same goes for DVDs and the like. I'll ask about that tomorrow.
Normally it then automatically shows the photos and lets you copy them to the hard disk, but that no longer works..
Maybe something was removed this week that could have something to do with this?
He would like to see it working again..
If I need to post a log, I'll hear it. I'll just ask to take the PC with me for another evening.
Thanks in advance!
- C:\WINDOWS\WinDV.exe moved successfully.
C:\WINDOWS\chcp.exe moved successfully.
C:\Program Files\Common Files\delsim moved successfully.
D:\Documents and Settings\All Users\Application Data\SeekmoSA moved successfully.
D:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 moved successfully.
D:\Documents and Settings\gebruiker\Application Data\Seekmo moved successfully.
Created on 08-28-2007 22:09:23
So I didn't have to reboot the PC; I ran DSS straight afterwards, here is the result:
Deckard's System Scanner v20070826.66
Run by gebruiker on 2007-08-28 22:10:44
Computer is in Normal Mode.
——————————————————————————–
- I think I'm really asleep here, I overlooked something drastic :oops:
Start HijackThis, choose 'Do a system scan only' and check the lines below:
O4 - HKLM\..\Run: [CDSpeed.exe] C:\WINDOWS\CDSpeed.exe
Now close all open windows except HijackThis and click Fix Checked.
* Double-click OTMoveIt.exe to start the tool.
* Copy (select and press Ctrl-C) all of the bold blue text below:
- File/Folder C:\WINDOWS\CDSpeed.exe not found.
C:\WINDOWS\WinDV.exe moved successfully.
File/Folder C:\WINDOWS\sndrec32.exe not found.
File move failed. C:\WINDOWS\system32\ftp.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\tftp.exe scheduled to be moved on reboot.
Created on 08-28-2007 23:29:32
This is the OTMoveIt log; this time it did indicate that I had to reboot. So after the reboot I did the same procedure once more. I wasn't sure whether it was already fine after just the reboot. Before the reboot I don't remember exactly what it reported, I think only that it couldn't move tftp and ftp.exe. The rest was successful, but I'm not sure….
Here is the DSS log:
Deckard's System Scanner v20070826.66
Run by gebruiker on 2007-08-28 23:30:46
Computer is in Normal Mode.
——————————————————————————–
- Is the PC now more or less clean of junk, or do I still need to go through some steps??
That windv.exe, for example, do I need to delete it now?
Thanks in advance
- Hi,
I'm currently working on a fix, but it takes quite a bit of research; there is definitely still a thing or two on there. I'll post my fix tonight.
Pim
- OK great, thanks for all the effort, much appreciated _o_
I'll wait patiently.
Regards
- Okay, we're going to tackle it a bit differently. Fortunately the tool Combofix is available again.
1. Start HijackThis, choose 'Do a system scan only' and check the lines below:
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
Now close all open windows except HijackThis and click Fix Checked.
2. Download Combofix to your Desktop.
Open Notepad, then copy and paste the following (bold text) into an empty window:
File::
C:\WINDOWS\WinDV.exe
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\rstrui.exe
Driver::
Windows Drivers Version
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=-
Save this to your Desktop as CFScript.txt.
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Good luck!
Pim
- ComboFix 07-08-30.1 - "gebruiker" 2007-08-29 22:02:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.298 [GMT 2:00]
Command switches used :: D:\Documents and Settings\gebruiker\Bureaublad\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\WinDV.exe
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\rstrui.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\rstrui.exe
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
D:\Autorun.inf
D:\DOCUME~1\GEBRUI~1\BUREAU~1\internet.lnk
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
——-\LEGACY_WINDOWS_DRIVERS_VERSION
——-\Windows Drivers Version
((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))
2007-08-29 22:01 51,200 –a—— C:\WINDOWS\nircmd.exe
2007-08-28 20:50 <DIR> d——– C:\Program Files\Trend Micro
2007-08-28 20:01 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\Lavasoft
2007-08-28 19:49 <DIR> d——– C:\Program Files\Enigma Software Group
2007-08-26 20:52 95,608 –a—— C:\WINDOWS\system32\AvastSS.scr
2007-08-26 20:52 94,416 –a—— C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-26 20:52 92,848 –a—— C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-26 20:52 783,224 –a—— C:\WINDOWS\system32\aswBoot.exe
2007-08-26 20:52 42,912 –a—— C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-26 20:52 26,624 –a—— C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-26 20:52 23,152 –a—— C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-26 20:52 <DIR> d——– C:\Program Files\Alwil Software
2007-08-26 18:08 <DIR> d——– C:\WINDOWS\pss
2007-08-25 12:33 <DIR> d——– D:\DOCUME~1\Gast\APPLIC~1\Google
2007-08-25 12:32 <DIR> dr-h—– D:\DOCUME~1\Gast\Onlangs geopend
2007-08-25 12:32 <DIR> dr——- D:\DOCUME~1\Gast\Mijn documenten
2007-08-25 12:32 <DIR> dr——- D:\DOCUME~1\Gast\Menu Start
2007-08-25 12:32 <DIR> dr——- D:\DOCUME~1\Gast\Favorieten
2007-08-25 12:32 <DIR> d–h—– D:\DOCUME~1\Gast\Sjablonen
2007-08-25 12:32 <DIR> d–h—– D:\DOCUME~1\Gast\Netwerkprinteromgeving
2007-08-25 12:32 <DIR> d——– D:\DOCUME~1\Gast\Bureaublad
2007-08-25 12:32 <DIR> d——– D:\DOCUME~1\Gast\APPLIC~1\SPAMfighter
2007-08-24 21:33 <DIR> d——– D:\DOCUME~1\Steffi\APPLIC~1\SPAMfighter
2007-08-24 15:59 <DIR> d——– C:\Program Files\MSN Messenger
2007-07-26 17:49 18,704 -ra—— C:\WINDOWS\system32\drivers\se2Bnd5.sys
2007-07-23 13:19 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\Leadertech
2007-07-23 13:12 90,800 -ra—— C:\WINDOWS\system32\drivers\se2Bunic.sys
2007-07-23 13:12 4,128 -ra—— C:\WINDOWS\system32\drivers\se2Bcr.sys
2007-07-23 13:07 88,688 -ra—— C:\WINDOWS\system32\drivers\SE2Bmgmt.sys
2007-07-04 19:42 86,560 -ra—— C:\WINDOWS\system32\drivers\SE2Bobex.sys
2007-07-04 19:41 97,184 -ra—— C:\WINDOWS\system32\drivers\SE2Bmdm.sys
2007-07-04 19:41 9,360 -ra—— C:\WINDOWS\system32\drivers\SE2Bmdfl.sys
2007-07-04 19:41 61,600 -ra—— C:\WINDOWS\system32\drivers\SE2Bbus.sys
2007-07-04 19:41 6,240 -ra—— C:\WINDOWS\system32\drivers\SE2Bcmnt.sys
2007-07-04 19:41 6,240 -ra—— C:\WINDOWS\system32\drivers\SE2Bcm.sys
2007-07-04 19:41 5,872 -ra—— C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
2007-07-04 19:41 5,872 -ra—— C:\WINDOWS\system32\drivers\se2Bwh.sys
2007-07-04 18:58 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\AdobeAUM
2007-07-02 14:18 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\TransRender
2007-07-02 14:18 <DIR> d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\Temporary
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-25 15:12 ——— d——– C:\Program Files\Common Files\LightScribe
2007-08-24 22:27 ——— d——– C:\Program Files\Microsoft Picture It! 9
2007-08-24 18:24 ——— d——– C:\Program Files\LimeWire
2007-08-24 14:53 ——— d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\OpenOffice.org2
2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
2007-07-23 13:16 ——— d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\AdobeUM
2007-06-30 15:58 ——— d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\ConvertTemp
2007-06-30 15:41 ——— d——– D:\DOCUME~1\GEBRUI~1\APPLIC~1\Samsung
2007-06-30 15:36 ——— d–h—– C:\Program Files\InstallShield Installation Information
2007-06-30 15:36 ——— d——– C:\Program Files\Samsung
2007-06-29 09:22 ——— d——– C:\Program Files\SPAMfighter
2007-06-29 09:22 ——— d——– C:\Program Files\Common Files\Application
2007-06-29 09:22 ——— d——– C:\Program Files\Common Files\Ankiro
2007-06-26 08:10 1104896 –a—— C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:33 282112 –a—— C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:24 1036800 –a—— C:\WINDOWS\explorer.exe
2007-06-05 10:34 1184664 –a—— C:\WINDOWS\system32\FreeImage.dll
2002-12-09 17:48:22 53,248 -csha-r C:\WINDOWS\system32\Vncpwd.dll
2003-02-19 09:10:46 479,232 -csha-r C:\WINDOWS\system32\vncpwd.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 18:35]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-23 04:12]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 02:11]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 14:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys
S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys
S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 wlags51b;Agere Wireless USB Driver;C:\WINDOWS\system32\DRIVERS\wlags51b.sys
Contents of the 'Scheduled Tasks' folder
2006-12-08 07:37:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 22:05:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-30 22:06:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-08-30 22:06
— E O F —
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:29, on 30-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wireless\Client Manager\CMags.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Client Manager.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computercornerschijndel.nl
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165072177921
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
–
End of file - 7384 bytes
- That looks good again!
How are things with your problems? 8)
- Yes, this is about my colleague's PC. He has had it back in normal use at home since Thursday, and everything seems to be fixed. Only the PC's date had been set one day ahead. Can he just set it back to the correct date/time?
Otherwise everything is in order, thanks for this.
- Turn off System Restore. Restart the computer. Turn System Restore back on.
Look here to see how to turn off your System Restore.
This removes any remnants of the infections from your System Restore.
You can set your date and time correctly again, manually.
Pim 8)