
Windows Security Center <- Spyware (log added)

smeenk
17 replies
  • I don't know what my little sister did, but the poor girl is suffering from quite a few viruses/spyware. For example a scam version of Windows Security Center (they imitated it fairly neatly, though). Norton constantly pops up alerts. Who can take a look at this HijackThis log and give some tips?



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:08, on 2008-04-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Documents and Settings\Laura R\ie_updates3r.exe
    E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\Java\bin\jusched.exe
    E:\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\LocalService\cftmon.exe
    C:\WINDOWS\system32\wind32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Mozilla Firefox\firefox.exe
    E:\Hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - c:\autoex.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe
    O4 - HKLM\..\Run: [advap32] "yrjz486.exe"

    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Acrobat Reader 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll
    O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Laura R\ie_updates3r.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Norton Internet Security 2005\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 10822 bytes
  • Start HijackThis once more and put a check mark in front of only the following lines:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
    O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - c:\autoex.dll
    O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe
    O4 - HKLM\..\Run: [advap32] "yrjz486.exe"
    O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll
    O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download:
    - Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    - Start the computer in .
    - Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which several lines about files that were not found will quickly scroll past; this is normal.
    - An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    - Your PC will then restart; let it start in normal mode again. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    - If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    - Post the contents of the log file in your next reply together with a new HijackThis log :)
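The selection above is made by eye: orphaned entries, a service with no publisher, autostarts living in a user profile, TEMP or system32\drivers, a Winlogon Notify DLL outside system32, and file names that imitate Windows binaries (cftmon.exe for ctfmon.exe, spools.exe for spoolsv.exe, advap32 for advapi32). As an added example that is not code from this thread or from HijackThis, the script below applies those rules to lines copied from the first log; the rule set and the 0.8 similarity threshold are the editor's own assumptions, and it deliberately shows one miss: no rule fires on C:\WINDOWS\system32\wind32.exe, which the helper still recognised.

```python
"""Heuristic triage of HijackThis log lines.

Added example, not code from this thread or from HijackThis: it applies as
code the rules a malware-removal helper uses by eye when choosing which lines
to "Fix checked". The rule set and the 0.8 similarity threshold are the
editor's own assumptions; the sample lines are copied from the log above.
"""
import re
from difflib import SequenceMatcher

# Windows binaries whose names the malware in this thread imitates
# (cftmon.exe vs ctfmon.exe, spools.exe vs spoolsv.exe, advap32 vs advapi32).
SYSTEM_NAMES = {
    "ctfmon", "spoolsv", "winlogon", "svchost", "advapi32",
    "lsass", "services", "rundll32", "explorer",
}

SECTION = re.compile(r"^(R\d|O\d+) - (.*)$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)", re.I)
# A drive-letter path ending in a binary; directory names may contain spaces.
WIN_PATH = re.compile(r'[A-Za-z]:\\(?:[^\\"\s][^\\"]*\\)*[^\\"\s]+?\.(?:exe|dll|cpl|sys)', re.I)
PROFILE_ROOT = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
DRIVE_ROOT = re.compile(r"^[a-z]:\\[^\\]+$", re.I)
DRIVERS_EXE = re.compile(r"\\system32\\drivers\\[^\\]+\.exe$", re.I)

# Constructed sample: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: (no name) - {F2F2A4CB-DAAD-4D0C-BDFC-E945647202C2} - c:\autoex.dll",
    r"O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe",
    r"O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Laura R\cftmon.exe",
    r'O4 - HKLM\..\Run: [advap32] "yrjz486.exe"',
    r"O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll",
    r"O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Laura R\ie_updates3r.exe",
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe",
]


def stem(name):
    """Lower-case file name without its extension: 'CTFMON.EXE' -> 'ctfmon'."""
    name = name.lower()
    return name.rsplit(".", 1)[0] if "." in name else name


def looks_like_system_name(name):
    """True when name is a near miss of a Windows binary name but not the real one."""
    s = stem(name)
    if s in SYSTEM_NAMES or len(s) < 4:
        return False
    return any(SequenceMatcher(None, s, real).ratio() >= 0.8 for real in SYSTEM_NAMES)


def triage(line):
    """Return the reasons this HijackThis line deserves a closer look ([] if none)."""
    m = SECTION.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    reasons = []
    if ORPHAN.search(body):
        reasons.append("orphaned entry, file no longer present")
    if "Unknown owner" in body:
        reasons.append("service without a known publisher")
    for path in WIN_PATH.findall(body):
        name = path.rsplit("\\", 1)[-1]
        if PROFILE_ROOT.match(path) or TEMP_DIR.search(path) or DRIVE_ROOT.match(path):
            reasons.append(f"autostart from an unusual location: {path}")
        if DRIVERS_EXE.search(path):
            reasons.append(f"executable inside system32\\drivers: {path}")
        if looks_like_system_name(name):
            reasons.append(f"imitates a Windows binary name: {name}")
        if section == "O20" and "\\system32\\" not in path.lower():
            reasons.append("Winlogon Notify DLL outside system32")
    if section == "O4":
        value = re.search(r"\[([^\]]+)\]", body)
        if value and looks_like_system_name(value.group(1)):
            reasons.append(f"Run value name imitates a Windows binary: {value.group(1)}")
    return reasons


def triage_log(lines):
    """Map every flagged line to its reasons; clean lines are left out."""
    return {ln: r for ln in lines if (r := triage(ln))}


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for why in reasons:
            print("    ->", why)
```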
  • Thanks for your reply, it's already a lot cleaner, but not entirely clean yet :) Here are the log files:

    ---RVAXO.exe Updated: 2008-04-10---first run---
    Uninstallers:

    Files found:
    C:\WINDOWS\system32\Kf94k4g.dll
    C:\WINDOWS\system32\Hfk97g.dll
    C:\WINDOWS\system32\Hfk97g.dll
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\wind32.exe
    C:\WINDOWS\system32\iSecurity.cpl
    C:\Documents and Settings\Laura R\ie_updates3r.exe
    C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll

    Folders Found:

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------
    Not deleted items:

    --------------RVAXO.exe finished----------------

    ----------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:00, on 2008-04-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\systime
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\Java\bin\jusched.exe
    E:\iTunes\iTunesHelper.exe
    C:\Program Files\cjb\cjb8.exe
    C:\WINDOWS\TEMP\winlogan.exe
    C:\WINDOWS\TEMP\load2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {B5AC49A2-94F2-42BD-F434-2604812C897D} - (no file)
    O2 - BHO: (no name) - {B5AF0562-94F3-42BD-F434-2604812C797D} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
    O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\TEMP\load2.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Acrobat Reader 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Laura R\ie_updates3r.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Norton Internet Security 2005\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSSysInterv - Unknown owner - C:\WINDOWS\systime.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 9949 bytes
  • Download this file: zoek.exe
    Double-click it; after a while a log will open.
    Post the contents of this log in your next reply ;)
  • ======C:\WINDOWS====
    ----a-w 0 2008-04-11 15:42:24 C:\WINDOWS\0.log
    --s-a-w 2,048 2008-04-11 15:41:59 C:\WINDOWS\bootstat.dat
    ----a-w 1,388 2008-04-10 16:02:15 C:\WINDOWS\IE4 Error Log.txt
    --sh--r 0 2008-04-11 13:53:34 C:\WINDOWS\ky.sxc
    ----a-w 0 2008-04-07 15:29:05 C:\WINDOWS\nsreg.dat
    ----a-w 1,409 2008-03-26 13:50:22 C:\WINDOWS\QTFont.for
    ---ha-w 54,156 2008-04-11 15:42:16 C:\WINDOWS\QTFont.qfn
    ----a-w 11,664 2008-04-07 18:35:12 C:\WINDOWS\setupapi.log
    ----a-w 0 2008-04-07 18:11:32 C:\WINDOWS\Sti_Trace.log
    ----a-w 227 2008-04-11 13:58:29 C:\WINDOWS\system.ini
    ----a-w 159 2008-04-11 15:42:22 C:\WINDOWS\wiadebug.log
    ----a-w 49 2008-04-11 15:42:20 C:\WINDOWS\wiaservc.log
    ----a-w 599 2008-04-11 13:58:29 C:\WINDOWS\win.ini
    ----a-w 32,401 2008-04-11 15:42:27 C:\WINDOWS\WindowsUpdate.log

    Entries: 14 (11)
    Directories: 0 Files: 14
    Bytes: 104,100 Blocks: 208
    ======C:\WINDOWS\system32=====
    ----a-w 0 2008-04-11 15:42:30 C:\WINDOWS\System32\nmp.log
    ----a-w 40,836 2008-03-30 11:33:29 C:\WINDOWS\System32\perfc009.dat
    ----a-w 54,464 2008-03-30 11:33:29 C:\WINDOWS\System32\perfc013.dat
    ----a-w 314,508 2008-03-30 11:33:29 C:\WINDOWS\System32\perfh009.dat
    ----a-w 367,286 2008-03-30 11:33:29 C:\WINDOWS\System32\perfh013.dat
    ----a-w 784,704 2008-03-30 11:33:29 C:\WINDOWS\System32\PerfStringBackup.INI
    ----a-w 787,789 2008-04-10 15:56:44 C:\WINDOWS\System32\RVAXO.bat
    ----a-w 52 2008-04-11 13:48:58 C:\WINDOWS\System32\svchost.t__
    ----a-w 2,206 2008-04-08 15:02:41 C:\WINDOWS\System32\wpa.dbl
    ----a-w 7,680 2008-04-07 14:39:04 C:\WINDOWS\System32\yrjz463.exe
    ----a-w 14,336 2008-04-07 14:38:34 C:\WINDOWS\System32\yrjz472.exe
    ----a-w 96,360 2008-04-07 17:08:12 C:\WINDOWS\System32\yrjz487.exe
    ----a-w 4,380 2008-04-07 17:08:34 C:\WINDOWS\System32\yrjz491.exe
    ----a-w 233,984 2008-04-07 14:38:23 C:\WINDOWS\System32\yrjz497.exe
    ----a-w 16,336 2008-04-07 14:39:40 C:\WINDOWS\System32\yrjz498.exe
    ----a-w 7,168 2008-04-07 14:39:27 C:\WINDOWS\System32\yrjz501.exe
    ----a-w 32,231 2008-04-11 13:48:53 C:\WINDOWS\System32\yrjz507.exe
    ----a-w 1 2008-04-11 13:48:59 C:\WINDOWS\System32\zzxbkb.tmp

    Entries: 18 (18)
    Directories: 0 Files: 18
    Bytes: 2,764,321 Blocks: 5,406
    ======C:\WINDOWS\system32\drivers=====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =======C:\Program Files=====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =======C:=====
    ----a-w 65,536 2008-03-27 15:01:18 C:\asusdisp.log
    --sha-r 211 2008-04-11 13:58:29 C:\boot.ini
    ----a-w 545 2008-04-11 13:56:39 C:\firstrun5.log
    --sha-w 1,610,612,736 2008-04-11 15:41:54 C:\pagefile.sys
    ----a-w 680 2008-04-11 13:59:21 C:\RVAXO-results.log
    ----a-w 4,328 2008-04-11 13:59:43 C:\RVAXO-Vfind.log

    Entries: 6 (4)
    Directories: 0 Files: 6
    Bytes: 1,610,684,036 Blocks: 3,145,870
    ======C:\Documents and Settings\Laura R\Application Data======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======C:\Temp======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======C:\Documents and Settings\Laura R======
    ----a-w 3,272,704 2008-04-11 14:05:09 C:\Documents and Settings\Laura R\ntuser.dat
    ---ha-w 61,440 2008-04-11 15:43:17 C:\Documents and Settings\Laura R\ntuser.dat.LOG
    --sh--w 288 2008-04-11 14:05:09 C:\Documents and Settings\Laura R\ntuser.ini

    Entries: 3 (1)
    Directories: 0 Files: 3
    Bytes: 3,334,432 Blocks: 6,513
    ======C:\WINDOWS\Downloaded Program Files====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =============
  • Open a Notepad file.
    Copy the text below into this Notepad file.

    @ECHO OFF
    REM Remove the two services with no known owner from the HijackThis log (O23 lines)
    sc delete "Google Online Services"
    sc delete MSSysInterv
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Paths that contain spaces must be quoted, otherwise FOR splits them into two tokens.
    REM For each file: remove any renamed leftover from an earlier run, strip the
    REM read-only/system/hidden attributes, delete it, and if it is still there
    REM (in use) rename it so it can no longer start after a reboot.
    FOR %%g in (
    C:\WINDOWS\ky.sxc
    C:\WINDOWS\systime
    C:\WINDOWS\systime.exe
    "C:\Program Files\cjb\cjb8.exe"
    C:\WINDOWS\system32\drivers\spools.exe
    "C:\Documents and Settings\Laura R\cftmon.exe"
    C:\WINDOWS\TEMP\winlogan.exe
    C:\WINDOWS\TEMP\load2.exe
    C:\WINDOWS\System32\svchost.t__
    C:\WINDOWS\System32\yrjz463.exe
    C:\WINDOWS\System32\yrjz472.exe
    C:\WINDOWS\System32\yrjz487.exe
    C:\WINDOWS\System32\yrjz491.exe
    C:\WINDOWS\System32\yrjz497.exe
    C:\WINDOWS\System32\yrjz498.exe
    C:\WINDOWS\System32\yrjz501.exe
    C:\WINDOWS\System32\yrjz507.exe
    C:\WINDOWS\System32\zzxbkb.tmp) DO (
    DEL /Q %%gHJTNL
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    REN %%g *HJTNL
    IF EXIST %%gHJTNL (
    ECHO renamed to %%gHJTNL>>log.txt)
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    rd /s /q "C:\Program Files\cjb"
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: del.bat
    Under "Save as type" select: All Files (*.*).
    Click the Save button.

    Double-click del.bat and post the contents of the log file that opens.
  • OK, done:

    Deleting files
    C:\WINDOWS\ky.sxc deleted
    C:\WINDOWS\systime not found
    C:\WINDOWS\systime.exe not found
    C:\Program not found
    Files\cjb\cjb8.exe not found
    C:\WINDOWS\system32\drivers\spools.exe not found
    "C:\Documents and Settings\Laura R\cftmon.exe" not found
    renamed to C:\WINDOWS\TEMP\winlogan.exeHJTNL
    C:\WINDOWS\TEMP\winlogan.exe deleted
    renamed to C:\WINDOWS\TEMP\load2.exeHJTNL
    C:\WINDOWS\TEMP\load2.exe deleted
    C:\WINDOWS\System32\svchost.t__ deleted
    C:\WINDOWS\System32\yrjz463.exe deleted
    C:\WINDOWS\System32\yrjz472.exe deleted
    C:\WINDOWS\System32\yrjz487.exe deleted
    C:\WINDOWS\System32\yrjz491.exe deleted
    C:\WINDOWS\System32\yrjz497.exe deleted
    C:\WINDOWS\System32\yrjz498.exe deleted
    C:\WINDOWS\System32\yrjz501.exe deleted
    C:\WINDOWS\System32\yrjz507.exe deleted
    C:\WINDOWS\System32\zzxbkb.tmp deleted
  • Restart your computer.

    After the restart, double-click del.bat once more.

    Download to your Desktop.
    - Close all applications and windows.
    - Double-click dss.exe to start it and follow the prompts.
    - When the scan is complete, a text file, main.txt, will open.
    - Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply, along with extra.txt.
  • Voila:

    Deckard's System Scanner v20071014.68
    Run by Laura R on 2008-04-11 19:10:26
    Computer is in Normal Mode.
    ——————————————————————————–

    – System Restore ————————————————————–

    Successfully created a Deckard's System Scanner Restore Point.


    – Last 5 Restore Point(s) –
    25: 2008-04-11 17:10:29 UTC - RP88 - Deckard's System Scanner Restore Point
    24: 2008-04-08 15:01:41 UTC - RP87 - Herstelbewerking
    23: 2008-04-07 18:34:39 UTC - RP86 - Installed ESET Smart Security
    22: 2008-04-07 17:10:07 UTC - RP85 - ComboFix created restore point
    21: 2008-04-07 17:09:58 UTC - RP84 - 7-4


    – First Restore Point –
    1: 2008-01-28 10:17:25 UTC - RP64 - Installed Windows Media Player 10


    Backed up registry hives.
    Performed disk cleanup.



    – HijackThis (run as Laura R.exe) ———————————————

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:10, on 2008-04-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\Java\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\iTunes\iTunesHelper.exe
    C:\Program Files\cjb\cjb8.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Laura R\Bureaublad\dss.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\HIJACK~1\Laura R.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {B5AC49A2-94F2-42BD-F434-2604812C897D} - (no file)
    O2 - BHO: (no name) - {B5AF0562-94F3-42BD-F434-2604812C797D} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
    O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\TEMP\load2.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Acrobat Reader 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Norton Internet Security 2005\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 9681 bytes

    – HijackThis Fixed Entries (E:\HIJACK~1\backups\) —————————–

    backup-20080411-155255-189 O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
    backup-20080411-155255-399 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    backup-20080411-155255-409 O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
    backup-20080411-155255-492 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080411-155255-584 O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
    backup-20080411-155256-173 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    backup-20080411-155256-191 O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll
    backup-20080411-155256-744 O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)

    – File Associations ———————————————————–

    All associations okay.


    – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ———————

    R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
    R2 ACEDRV06 - c:\windows\system32\drivers\acedrv06.sys <Not Verified; Protect Software GmbH; >
    R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
    R3 snpstd (Trust 120 SpaceCam) - c:\windows\system32\drivers\snpstd.sys <Not Verified; ; PC Camera driver>

    S3 catchme - c:\docume~1\laurar~1\locals~1\temp\catchme.sys (file missing)


    – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ——————–

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
    R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>


    – Device Manager: Disabled —————————————————-

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: USB-controller
    Device ID: PCI\VEN_10DE&DEV_03F2&SUBSYS_82341043&REV_A2\3&267A616A&0&11
    Manufacturer:
    Name: USB-controller
    PNP Device ID: PCI\VEN_10DE&DEV_03F2&SUBSYS_82341043&REV_A2\3&267A616A&0&11
    Service:


    – Scheduled Tasks ————————————————————-

    2008-02-01 21:00:20 534 –a—— C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Laura R.job


    – Files created between 2008-03-11 and 2008-04-11 —————————–

    2008-04-11 17:48:20 1212 –a—— C:\WINDOWS\mozver.dat
    2008-04-11 17:46:59 0 dr-h—– C:\Documents and Settings\Laura R\Onlangs geopend
    2008-04-11 15:59:13 0 d——– C:\RVAXO
    2008-04-11 15:55:30 787789 –a—— C:\WINDOWS\system32\RVAXO.bat
    2008-04-11 15:55:30 69632 –a—— C:\WINDOWS\system32\remove.exe
    2008-04-10 16:38:57 0 d——– C:\Program Files\cjb
    2008-04-08 17:01:48 0 d——– C:\Documents and Settings\All Users\Application Data\PlayFirst
    2008-04-07 20:34:41 0 d——– C:\Documents and Settings\All Users\Application Data\ESET
    2008-04-07 20:04:12 0 d——– C:\RECYCLER(2)
    2008-04-07 19:43:39 0 d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-07 19:39:31 0 dr——- C:\Documents and Settings\LocalService\Favorieten
    2008-04-07 19:23:33 0 d——– C:\ComboFix(2)
    2008-04-07 19:10:06 233472 –a—— C:\Documents and Settings\LocalService\ntuser.dat
    2008-04-07 19:10:06 3272704 –a—— C:\Documents and Settings\Laura R\ntuser.dat
    2008-04-07 19:09:41 68096 –a—— C:\WINDOWS\zip.exe
    2008-04-07 19:09:41 49152 –a—— C:\WINDOWS\VFind.exe
    2008-04-07 19:09:41 212480 –a—— C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-04-07 19:09:41 136704 –a—— C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-04-07 19:09:41 161792 –a—— C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-04-07 19:09:41 98816 –a—— C:\WINDOWS\sed.exe
    2008-04-07 19:09:41 80412 –a—— C:\WINDOWS\grep.exe
    2008-04-07 19:09:41 73728 –a—— C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-04-07 17:31:29 0 d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-07 17:30:44 0 d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-07 17:29:05 0 –a—— C:\WINDOWS\nsreg.dat
    2008-04-07 17:29:01 0 d——– C:\Documents and Settings\Laura R\Application Data\Mozilla
    2008-04-07 16:39:05 0 d——– C:\Program Files\iSecurity
    2008-03-26 15:48:22 0 d——– C:\Documents and Settings\Laura R\Application Data\Apple Computer
    2008-03-26 15:48:14 0 d——– C:\Program Files\iPod
    2008-03-26 15:47:34 0 d——– C:\Program Files\Bonjour
    2008-03-26 15:46:00 0 d——– C:\Program Files\Apple Software Update
    2008-03-26 15:45:36 0 d——– C:\Program Files\Common Files\Apple
    2008-03-26 15:45:32 0 d——– C:\Documents and Settings\All Users\Application Data\Apple


    – Find3M Report —————————————————————

    2008-04-11 19:10:48 0 d——– C:\Program Files\Common Files\Symantec Shared
    2008-04-11 19:09:31 0 d——– C:\Program Files\Common Files
    2008-03-30 13:33:29 367286 –a—— C:\WINDOWS\system32\perfh013.dat
    2008-03-30 13:33:29 54464 –a—— C:\WINDOWS\system32\perfc013.dat
    2008-03-24 20:18:11 0 d——– C:\Documents and Settings\Laura R\Application Data\LimeWire


    – Registry Dump —————————————————————

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5AC49A2-94F2-42BD-F434-2604812C897D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5AF0562-94F3-42BD-F434-2604812C797D}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 00:00]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 09:54]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-08 17:03]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-03 16:06]
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
    "SunJavaUpdateSched"="E:\Java\bin\jusched.exe" [2007-09-25 02:11]
    "QuickTime Task"="E:\QuickTime\qttask.exe" [2008-02-01 00:13]
    "iTunesHelper"="E:\iTunes\iTunesHelper.exe" [2008-02-19 14:10]
    "cjb"="C:\Program Files\cjb\cjb8.exe" [2008-04-10 16:38]
    "Hhjg5jfd93dftdf"="C:\WINDOWS\TEMP\winlogan.exe" []
    "advap32"="C:\WINDOWS\TEMP\load2.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "Hhjg5jfd93dftdf"="C:\WINDOWS\TEMP\winlogan.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Hhjg5jfd93dftdf"=C:\WINDOWS\TEMP\winlogan.exe

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Speed Launch.lnk - E:\Acrobat Reader 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Logitech SetPoint.lnk - E:\Logitech\SetPoint\SetPoint.exe [2007-04-27 10:02:02]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
    C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background




    – End of Deckard's System Scanner: finished at 2008-04-11 19:11:41 ————

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    ——————————————————————————–

    – System Information ———————————————————-

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: Dutch

    CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
    CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
    Percentage of Memory in Use: 40%
    Physical Memory (total/avail): 1023.29 MiB / 610.13 MiB
    Pagefile Memory (total/avail): 2461.29 MiB / 2079.99 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1943.96 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 9.82 GiB total, 3.89 GiB free.
    D: is CDROM (No Media)
    E: is Fixed (NTFS) - 29.31 GiB total, 26.84 GiB free.
    F: is Fixed (NTFS) - 88.87 GiB total, 66.72 GiB free.
    G: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - Hitachi HDS721616PLA380 - 153.38 GiB - 3 partitions
    \PARTITION0 (bootable) - Installable File System - 9.82 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 118.18 GiB - E: - F:



    – Security Center ————————————————————-

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation)

  • Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    "C:\Program Files\iSecurity"
    "C:\Program Files\cjb";) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    RD /S /Q %%g
    ATTRIB -r -s -h %%g\*.*
    REN %%g\*.* *.HJTNL
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt
    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: del.bat
    Under "Save as type" select: All Files (*.*).
    Click the Save button.

    Double-click del.bat and post the contents of the log file that opens.
  • Deleting files
    "C:\Program Files\iSecurity" deleted
    "C:\Program Files\cjb" not deleted

    Voila :D
  • Start HijackThis and tick only the following lines:
    O2 - BHO: (no name) - {B5AC49A2-94F2-42BD-F434-2604812C897D} - (no file)
    O2 - BHO: (no name) - {B5AF0562-94F3-42BD-F434-2604812C797D} - (no file)
    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
    O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\TEMP\load2.exe"

    O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
    Close all open windows (except HijackThis) and click the "Fix checked" button.

    Restart the computer.

    After the restart, post a new HijackThis log :)

    Double-click the latest del.bat once more and post that log too.
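The entries picked out above share a few tell-tale traits. Here is an added Python triage script, not code from this thread or from HijackThis, that applies those traits to O2/O4/O20/O21 lines: a registration whose file is gone ("(no file)", "(file missing)"), a Run entry launched from a TEMP folder or carrying a random-looking value name, a file name one edit away from a Windows binary (winlogan.exe), and a Winlogon Notify DLL outside system32. The sample lines are copied from the logs in this thread; the heuristics, thresholds and the list of imitated binaries are my own assumptions and deliberately incomplete (cjb8.exe only stood out because of the file dates in the DSS report, which a HijackThis log does not carry).

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs and the
# "Fixed Entries" backup list posted in this thread, benign and malicious mixed.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B5AC49A2-94F2-42BD-F434-2604812C897D} - (no file)
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Run: [advap32] "C:\WINDOWS\TEMP\load2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documenten\Settings\partnership.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
"""

# Assumed list: Windows binaries that malware imitates with one-character changes
# (winlogan.exe for winlogon.exe, cftmon.exe for ctfmon.exe).
SYSTEM_NAMES = ("winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "ctfmon.exe", "services.exe", "explorer.exe", "spoolsv.exe")

# Assumed heuristic: a value name of 10+ alphanumerics mixing digits and runs of
# lowercase letters (Hhjg5jfd93dftdf) is usually generated, not chosen by a vendor.
NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z]{3})[A-Za-z0-9]{10,}$")


@dataclass
class Finding:
    line: str
    reasons: list


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swaps."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def extract_path(target: str) -> str:
    """Pull the launched file out of an autorun command: quoted, bare (spaces
    allowed), or the rundll32 form where the DLL is followed by ',EntryPoint'."""
    m = re.search(r'"([^"]+)"', target)
    if m:
        return m.group(1)
    m = re.search(r'[A-Za-z]:\\.*?\.(?:exe|dll|cpl|scr|bat|com)(?=[\s,"]|$)', target, re.I)
    if m:
        return m.group(0)
    parts = target.split()
    return parts[0] if parts else target


def check_line(line: str) -> list:
    """Return the reasons (possibly none) this HijackThis line deserves a closer look."""
    reasons = []
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return reasons
    section, rest = m.group(1), m.group(2)
    if "(no file)" in rest.lower() or "(file missing)" in rest.lower():
        reasons.append("registration points at a file that no longer exists (orphaned entry)")
    name, target = "", rest.rsplit(" - ", 1)[-1]      # last field is the file for O2/O20/O21
    if section == "O4":
        m4 = re.match(r"^(\S+): \[(.*?)\] (.*)$", rest)  # HKLM\..\Run: [name] command
        if m4:
            name, target = m4.group(2), m4.group(3)
    path = extract_path(target)
    base = path.rsplit("\\", 1)[-1].lower()
    if name and NAME_RE.match(name):
        reasons.append(f"random-looking value name '{name}'")
    if section == "O4" and "\\temp\\" in path.lower():
        reasons.append(f"autorun launches from a TEMP folder: {path}")
    if section == "O20" and "\\system32\\" not in path.lower():
        reasons.append(f"Winlogon Notify DLL outside system32: {path}")
    for good in SYSTEM_NAMES:
        if base != good and osa_distance(base, good) == 1:
            reasons.append(f"file name '{base}' is one edit away from '{good}'")
    return reasons


def analyze(log_text: str) -> list:
    """Run check_line over a whole log and keep only the lines that drew a reason."""
    findings = []
    for line in log_text.splitlines():
        reasons = check_line(line)
        if reasons:
            findings.append(Finding(line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Paste a full HijackThis log into SAMPLE_LOG (or read it from a file) to get a first shortlist; every hit still needs a human look, as the ccApp and NvCplDaemon lines show what a clean entry looks like.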
  • Deleting files
    "C:\Program Files\iSecurity" not found
    "C:\Program Files\cjb" deleted





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53, on 2008-04-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Norton Internet Security 2005\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\Java\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    E:\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    E:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton Internet Security 2005\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Java\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Acrobat Reader 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Norton Internet Security 2005\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\navapsvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - E:\Norton Internet Security 2005\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    End of file - 9260 bytes

    A bit cleaner already? :P

  • This one is still there:
    O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe

    You can still remove that one with HijackThis ;)

    Download ATF Cleaner (mirror) (made by Atribune)

    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, put a tick next to Select All.
    Click the Empty Selected button.

    Do the following if you also have Firefox as a browser:
    Click the "Firefox" tab, put a tick next to Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this unticks "Firefox saved passwords" again ;) )
    Click the Empty Selected button.

    Do the following if you also have Opera as a browser:
    Click the "Opera" tab, put a tick next to Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Disable System Restore. Restart the computer. Enable System Restore again.
    Look here for how to disable System Restore.
    This removes any remnants of the infections from your System Restore points.

    Then let us know whether you still run into problems :)

    P.S. I'm going offline for a few hours, I'll take another look at your topic later tonight ;)
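    As an added illustration for this reply (it is not part of the original thread and not HijackThis's own code): a small Python parser for the O4 (registry autostart) and O23 (service) lines of a HijackThis log. It compares the autostart entries against a baseline of programs you expect to start with Windows, so that an entry like the [cjb] one above stands out, and it lists services that HijackThis reports as "Unknown owner" (no company name on the executable). The sample log lines, the allowlist and the "fakeupd" service are constructed for this example; only the [cjb] line comes from the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of HijackThis log lines. The [cjb] O4 entry is the one
# flagged in the thread; every other line is made up for this example and is
# not taken from the poster's log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ad-Aware 2007\aawservice.exe
O23 - Service: Fake Update Helper (fakeupd) - Unknown owner - C:\Documents and Settings\user\fakeupd.exe
"""


@dataclass
class Autostart:
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name, e.g. "cjb"
    command: str   # full command line as logged
    exe: str       # executable path extracted from the command, lower-cased


@dataclass
class Service:
    display: str
    short_name: Optional[str]   # the name in parentheses, if HijackThis logged one
    vendor: str                 # "Unknown owner" when the binary carries no company name
    path: str


# O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O23 - Service: <display name> (<short name>) - <vendor> - <path>
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
SHORT_RE = re.compile(r'\((?P<short>[^()]+)\)\s*$')
# Executable path: optionally quoted, ends at the first ".exe", arguments may follow.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?(?:\s.*)?$', re.IGNORECASE)


def exe_from_command(cmd: str) -> str:
    """Return the lower-cased executable path from an autostart command line."""
    m = EXE_RE.match(cmd.strip())
    return (m.group('exe') if m else cmd.strip()).lower()


def parse_log(text: str) -> Dict[str, list]:
    """Parse O4 and O23 lines; other HijackThis sections are ignored."""
    autostarts: List[Autostart] = []
    services: List[Service] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            autostarts.append(Autostart(m['hive'], m['key'], m['name'], m['cmd'],
                                        exe_from_command(m['cmd'])))
            continue
        m = O23_RE.match(line)
        if m:
            s = SHORT_RE.search(m['display'])
            services.append(Service(m['display'], s['short'] if s else None,
                                    m['vendor'], m['path']))
    return {'autostarts': autostarts, 'services': services}


# Constructed baseline: executables you expect to autostart on this machine.
# In practice you build this from a known-clean scan of the same PC.
KNOWN_GOOD_AUTOSTARTS = {
    r"c:\windows\system32\ctfmon.exe",
    r"c:\program files\common files\symantec shared\ccapp.exe",
}


def unexpected_autostarts(entries: List[Autostart], known_good=KNOWN_GOOD_AUTOSTARTS) -> List[str]:
    """Names of O4 entries whose executable is not in the baseline."""
    return [e.name for e in entries if e.exe not in known_good]


def unattributed_services(entries: List[Service]) -> List[str]:
    """Services HijackThis could not attribute to a vendor; worth a manual look."""
    return [s.short_name or s.display for s in entries if s.vendor == 'Unknown owner']


if __name__ == '__main__':
    parsed = parse_log(SAMPLE_LOG)
    print('Autostart entries to review:', unexpected_autostarts(parsed['autostarts']))
    print('Services without a vendor:  ', unattributed_services(parsed['services']))
```

    Run it against a saved HijackThis log by reading the file into `parse_log` instead of `SAMPLE_LOG`; anything it lists is a candidate to look up, not automatically something to delete, which is exactly the judgement call the reply above makes for the [cjb] entry.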
  • O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
    I removed it; after a new scan it no longer shows up either.

    With ATF Cleaner I just can't get to the "Firefox" tab, it is greyed out/pressed.
    Turning System Restore off and on again I have done too. Other than that I (well, my sister ;)) have no problems at all anymore :D
  • That's good news :D
  • Haha indeed :D Now I can finally (safely) throw Norton out and install ESET Smart Security. Thanks a lot for the help!

This is an archived page. Replying is no longer possible.