Mededeling

Collapse
No announcement yet.

CiD Probleem!

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    CiD Probleem!

    Hallo Allen!

    Via, via op deze site terecht gekomen, ik hoop dat jullie mij kunnen helpen met mijn CID probleem.

    Ik heb dus last van CiD popups wanneer ik werk in inet explorer 7.
    Inmiddels de benodige spyware prog. laten scannen en tot dusver geen resultaat. Nu ik op dit forum verschillende posts heb gelezen begrijp ik waarom.

    Ik heb 2 logjes gemaakt, ik hoop dat jullie hiernaar kunnen kijken!

    Hijack This Log
    --
    Logfile of HijackThis v1.99.1
    Scan saved at 15:02:55, on 5-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\dlcfcoms.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\DeltTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\Program Files\Novation\USB Audio Driver\nvnusbaudiolog.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Sjefke\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Sjefke\LOCALS~1\Temp\Rar$EX00.485\deljob.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alcatel.com/consumer/dsl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NvnUsbAudioLogger] "C:\Program Files\Novation\USB Audio Driver\nvnusbaudiolog.exe"
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\this log.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Agenda-herinneringen.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116w.bay116.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161717139562
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.famipix.com/ImageUploader3.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/pluginname/music%20manager/MusicManagerPlugin.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F48E481E-9266-480A-8909-2F4CEC0890E3}: NameServer = 195.121.1.34 195.121.1.66
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe


    Deljob Log

    11-08-2007 13:42 <DIR> .
    11-08-2007 13:42 <DIR> ..
    04-08-2007 14:15 <DIR> Ableton
    15-01-2007 18:12 <DIR> Adobe
    16-01-2007 13:54 <DIR> AdobeUM
    24-10-2006 21:21 <DIR> BITTOR~1 BitTorrent
    04-06-2007 12:51 <DIR> Corel
    22-11-2006 14:20 <DIR> Google
    11-11-2006 15:53 <DIR> Help
    24-10-2006 17:34 <DIR> IDENTI~1 Identities
    04-06-2007 13:23 <DIR> JASCSO~1 Jasc Software Inc
    30-10-2007 15:18 <DIR> Lavasoft
    31-05-2007 10:43 <DIR> MACROM~1 Macromedia
    16-01-2007 20:27 <DIR> MCMPEG~1 MCMPEGEnc
    06-10-2007 20:57 <DIR> MICROS~1 Microsoft
    24-10-2006 19:31 <DIR> MICROS~2 Microsoft Web Folders
    30-01-2007 17:27 <DIR> Mozilla
    01-11-2006 15:02 <DIR> PROPEL~1 Propellerhead Software
    12-12-2006 18:36 <DIR> Real
    04-06-2007 12:55 <DIR> SECOND~1 SecondLife
    11-08-2007 13:42 <DIR> SecuROM
    20-03-2007 14:40 <DIR> Skype
    01-11-2006 15:43 <DIR> STEINB~1 Steinberg
    24-10-2006 18:44 <DIR> Sun
    02-11-2007 21:09 <DIR> Symantec
    17-03-2007 14:45 <DIR> Teleca
    31-10-2006 16:25 <DIR> vlc
    19-09-2007 17:17 <DIR> Winamp
    0 bestand(en) 0 bytes
    28 map(pen) 55.937.003.520 bytes beschikbaar
    Het volume in station C heeft geen naam.
    Het volumenummer is 0446-B421

    Map van C:\Documents and Settings\All Users\Application Data

    04-01-2008 19:39 <DIR> .
    04-01-2008 19:39 <DIR> ..
    15-11-2006 12:02 <DIR> Ableton
    15-01-2007 18:16 <DIR> Adobe
    04-06-2007 12:47 <DIR> Corel
    04-06-2007 12:58 <DIR> Google
    04-06-2007 13:24 <DIR> INSTAL~1 InstallShield
    05-10-2007 16:31 <DIR> iolo
    04-01-2008 19:39 <DIR> Lavasoft
    03-01-2008 22:06 <DIR> LIVE64~1 live 64 math does
    05-10-2007 16:32 <DIR> MAILFR~1 MailFrontier
    30-10-2007 15:18 <DIR> MICROS~1 Microsoft
    30-10-2006 11:30 <DIR> PROPEL~1 Propellerhead Software
    25-10-2006 13:38 <DIR> QUICKT~1 QuickTime
    16-01-2007 21:31 <DIR> Skype
    17-03-2007 14:14 <DIR> SONYER~1 Sony Ericsson
    05-01-2008 15:00 <DIR> Symantec
    17-03-2007 14:14 <DIR> Teleca
    24-10-2006 20:54 <DIR> WINDOW~1 Windows Genuine Advantage
    0 bestand(en) 0 bytes
    19 map(pen) 55.937.003.520 bytes beschikbaar
    Het volume in station C heeft geen naam.
    Het volumenummer is 0446-B421

    Map van C:\WINDOWS

    -------------------

    Alvast bedankt!
    Labels: Geen
    • Citaat
  • #2
    Gebruik je nog software van Symantec?

    1. Je gebruikt een veroudere versie van Hijackthis, download de nieuwste versie en werk
    vanaf nu daarmee: http://www.nucia.eu/forum/showthread.php?t=28820

    2. Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\this log.exe
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/plug...agerPlugin.CAB


    Sluit nu alle openstaande vensters, behalve Hijackthis en klik op Fix Checked.

    3. Download dit programma: GV Killer.exe

    Dubbelklik het, er zal een text-bestand openen. (input.txt)
    Verwijder de text die in dat bestand staat en plaats de volgende vetgedrukte regels er weer in:

    C:\Documents and Settings\All Users\Application Data\live 64 math does

    Sluit het textbestand en laat de wijzigingen opslaan
    Klik nu op de knop "Kill on reboot" en laat de PC herstarten.
    Na de herstart zal GV_Killer.exe opnieuw gestart worden, geef toestemming om de mappen te verwijderen.
    Als dat gelukt is mag je GV_Killer afsluiten.

    Post daarna een nieuw logje van Hijackthis.
    Groet,
    Pimmerd
    • Citaat

    Comment

    • #3
      Dankjewel voor je reactie pim!

      GV_killer gaf uiteindelijk geen optie tot het verwijderen van mappen.
      Hier is het nieuwe logje.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:34:41, on 13-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\dlcfcoms.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\WINDOWS\system32\DeltTray.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
      C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
      C:\Program Files\Novation\USB Audio Driver\nvnusbaudiolog.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Documents and Settings\Sjefke\Local Settings\Temporary Internet Files\Content.IE5\ZYDBLPPL\HiJackThis[1].exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alcatel.com/consumer/dsl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [NvnUsbAudioLogger] "C:\Program Files\Novation\USB Audio Driver\nvnusbaudiolog.exe"
      O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Microsoft Works Agenda-herinneringen.lnk = ?
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116w.bay116.mail.live.com/mail/resources/MsnPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161717139562
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.famipix.com/ImageUploader3.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F48E481E-9266-480A-8909-2F4CEC0890E3}: NameServer = 195.121.1.34 195.121.1.66
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

      --
      End of file - 10511 bytes
      • Citaat

      Comment

      • #4
        Ik zie geen sporen meer van de infectie in je logje

        Post voor de zekerheid even een nieuw deljob logje, aangezien je aangeeft dat de stap met GVkiller niet helemaal is goed gegaan.
        Groet,
        Pimmerd
        • Citaat

        Comment

        • #5
          Hier 't deljob logje.

          11-08-2007 13:42 <DIR> .
          11-08-2007 13:42 <DIR> ..
          04-08-2007 14:15 <DIR> Ableton
          15-01-2007 18:12 <DIR> Adobe
          16-01-2007 13:54 <DIR> AdobeUM
          24-10-2006 21:21 <DIR> BITTOR~1 BitTorrent
          04-06-2007 12:51 <DIR> Corel
          22-11-2006 14:20 <DIR> Google
          11-11-2006 15:53 <DIR> Help
          24-10-2006 17:34 <DIR> IDENTI~1 Identities
          04-06-2007 13:23 <DIR> JASCSO~1 Jasc Software Inc
          30-10-2007 15:18 <DIR> Lavasoft
          31-05-2007 10:43 <DIR> MACROM~1 Macromedia
          16-01-2007 20:27 <DIR> MCMPEG~1 MCMPEGEnc
          06-10-2007 20:57 <DIR> MICROS~1 Microsoft
          24-10-2006 19:31 <DIR> MICROS~2 Microsoft Web Folders
          30-01-2007 17:27 <DIR> Mozilla
          01-11-2006 15:02 <DIR> PROPEL~1 Propellerhead Software
          12-12-2006 18:36 <DIR> Real
          04-06-2007 12:55 <DIR> SECOND~1 SecondLife
          11-08-2007 13:42 <DIR> SecuROM
          20-03-2007 14:40 <DIR> Skype
          01-11-2006 15:43 <DIR> STEINB~1 Steinberg
          24-10-2006 18:44 <DIR> Sun
          02-11-2007 21:09 <DIR> Symantec
          17-03-2007 14:45 <DIR> Teleca
          31-10-2006 16:25 <DIR> vlc
          19-09-2007 17:17 <DIR> Winamp
          0 bestand(en) 0 bytes
          28 map(pen) 50.352.214.016 bytes beschikbaar
          Het volume in station C heeft geen naam.
          Het volumenummer is 0446-B421

          Map van C:\Documents and Settings\All Users\Application Data

          13-01-2008 15:30 <DIR> .
          13-01-2008 15:30 <DIR> ..
          15-11-2006 12:02 <DIR> Ableton
          15-01-2007 18:16 <DIR> Adobe
          04-06-2007 12:47 <DIR> Corel
          04-06-2007 12:58 <DIR> Google
          04-06-2007 13:24 <DIR> INSTAL~1 InstallShield
          05-10-2007 16:31 <DIR> iolo
          04-01-2008 19:39 <DIR> Lavasoft
          05-10-2007 16:32 <DIR> MAILFR~1 MailFrontier
          30-10-2007 15:18 <DIR> MICROS~1 Microsoft
          30-10-2006 11:30 <DIR> PROPEL~1 Propellerhead Software
          25-10-2006 13:38 <DIR> QUICKT~1 QuickTime
          16-01-2007 21:31 <DIR> Skype
          17-03-2007 14:14 <DIR> SONYER~1 Sony Ericsson
          05-01-2008 17:01 <DIR> SPYBOT~1 Spybot - Search & Destroy
          13-01-2008 16:14 <DIR> Symantec
          17-03-2007 14:14 <DIR> Teleca
          24-10-2006 20:54 <DIR> WINDOW~1 Windows Genuine Advantage
          0 bestand(en) 0 bytes
          19 map(pen) 50.352.214.016 bytes beschikbaar
          Het volume in station C heeft geen naam.
          Het volumenummer is 0446-B421

          Map van C:\WINDOWS
          • Citaat

          Comment

          • #6
            Ziet er weer goed uit!

            Download ATF Cleaner (by Atribune)

            Dubbelklik op ATF cleaner om het programma te starten.
            Op het tabblad "Main", plaats je een vinkje bij Select All.
            Klik op de knop Empty Selected.

            Het volgende doen als je ook FireFox als browser hebt:
            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
            Klik op de knop Empty Selected.

            Het volgende doen als je ook Opera als browser hebt:
            Klik op tabblad "Opera", plaats een vinkje bij Select All.
            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            Klik op de knop Empty Selected.
            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

            Lees om herhaling te voorkomen deze beveiligingstips nog eens door:
            Jawwi.nl - Jawwi Startpagina
            http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html
            Jawwi.nl is een startpagina. Wij bieden een overzicht van alle handige links, en dat op 1 startpagina.
            Groet,
            Pimmerd
            • Citaat

            Comment

            • #7
              Tnx Pim!

              Heb nergens meer last van! Dankjewel!
              • Citaat

              Comment

              • #8
                Graag gedaan

                Ik zet de status van deze tread op opgelost
                Groet,
                Pimmerd
                • Citaat

                Comment

                Vorige template Volgende
                Sorry, you are not authorized to view this page
                Working...
                X