pmkji.exe Hijacklogje

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts
  • Dirkskefriet
    • Jan 2008
    • 8

    pmkji.exe Hijacklogje

    Beste,
    Zoals u mij gevraagd heeft vindt u hier mijn probleem en erna mijn log :
    tijdens het downloaden is zaterdag mijn andere laptop gewoon uitgevallen. Het is te zeggen : mijn scherm werd gewoon zwart, maar de pc-leds brandden nog. Heb hem moeten uitschakelen door de powerknop 5sec. in te houden en na een heropstart reageerde mijn wireless-knop (om wireless aan te zetten) niet meer en werkte mijn ZONEALARM niet meer en startte mijn AVG Control Center niet meer op. Ik heb wel AVG free edition test center kunnen activeren. Heb em laten scannen en hij vond maar liefst 51 treaths !!!
    Hiervan heeft AVG er 47 gedeleted. Ik had ook op die laptop SPYBOT SEARCH & DESTROY staan (alhoewel niet up-to-date) en die vond (en repareerde) ook nog 4 treaths. Als ik daarna terug scan met AVG vindt die niets meer, maar na elke heropstart vindt die terug 1 virus in pmkji.exe.
    Ik geraak dus ook nog steeds niet online en die AVG CC en zone-alarm werken ook niet en telkens als ik opstart krijg ik eerst een foutmelding van windows : c:\WINDOWS\system32\pmkji.exe ""kan geen toegang tot het opgegeven apparaat, pad of bestand krijgen. Mogelijk hebt u geen toegangsmachtigingen voor het item"".
    Ik kan enkel OK kiezen en dan krijg ik de melding : ""kan het bestand C:\WINDOWS\system32\pmkji.exe, dat in het register staat vermeld, niet laden of starten. Controleer of dit bestand bestaat op uw computer of verwijder de verwijzing naar dit bestand uit het register."".
    Ook hier kan ik enkel OK kiezen. Dan kom ik dus op mijn bureaublad alwaar er onderaan rechts op mijn taakbalkje een balonnetje oplicht met een security warning die zegt :""your computer may be infected with harmful or unwanted software! Click here to learn more ... "". En als ik daar dan eens ff op klik krijg ik dus reclame van een anti-spyware programma of zo en waar ik zelfs op "full scan" kan klikken.
    Dit komt steeds weer terug en ik geraak dus niet meer online.

    En dit is mijn log :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:50:31, on 6/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\eFax Messenger 4.3\J2GTray.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkji.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {D4D2D219-C8B8-443F-8D80-D8CB0B409D09} - C:\WINDOWS\system32\pmkji.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_LPS
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhaz.dll,startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
    O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
    O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
    O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
    O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116/view22/View22RTE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Dirk\LOCALS~1\Temp\hpdj00.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    O24 - Desktop Component 1: Kapaza.be Shops > Inboedel > Annekes snuffelhoekje - http://shop.kapaza.be/moreelsann/

    --
    End of file - 12538 bytes
  • Dirkskefriet
    • Jan 2008
    • 8

    #2
    and up

    Comment

    • Juisterr



      • Jun 2005
      • 14812

      #3
      Print de onderstaande instructies uit omdat je de computer tijdens het fixen moet herstarten.
      (kopieer de tekst naar bijv. Word en print dit uit)


      Download SmitfraudFix.exe (by S!Ri), en plaats het op je bureaublad.
      Indien dit niet lukt, download dan vanaf deze pagina.

      Start je PC op in VEILIGE mode.
      Kijk hier hoe dat moet.


      Dubbelklik op smitfraudfix.exe
      Kies optie #2 - Clean door2 te typen, en druk op "Enter" om de
      ge?nfecteerde bestanden te verwijderen.

      Je zal een vraag krijgen: "Registry cleaning - Do you want to clean the registry ?"
      Antwoord "yes" door y te typen en druk op "Enter".

      Als je pc daarna niet heropstart, start hem dan handmatig terug op in normale modus.

      Het tooltje zal nu onderzoeken of wininet.dll geïnfecteerd is. Je kan dus de vraag krijgen of je
      het ge?nfecteerde bestandje wil vervangen. Antwoord dan "yes" door y te typen en druk op "Enter".

      Het kan zijn dat het tooltje je pc opnieuw laat opstarten om zijn werk te kunnen afmaken.
      Als dat niet zo is, start je pc dan handmatig opnieuw op in normale modus.
      Er zal een tekstbestandje openen met de resultaten van de fix. Post de inhoud van dit bestandje in je volgende antwoord.
      (Je kan het rapport ook vinden in c:\rapport.txt)


      Start Hijackthis op en kies voor 'Do a system scan only'
      Selecteer alleen de items die hieronder zijn genoemd: (indien nog aanwezig)

      F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkji.exe
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {D4D2D219-C8B8-443F-8D80-D8CB0B409D09} - C:\WINDOWS\system32\pmkji.dll (file missing)
      O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

      Sluit alle vensters behalve Hijackthis
      Klik op 'Fix checked' om de items te verwijderen.



      Post dan ook een nieuw log van HijackThis

      Windows 10 opstarten in Veilige Modus

      Comment

      • Dirkskefriet
        • Jan 2008
        • 8

        #4
        Hetgeen u zei dat het tooltje nu zou controleren of mijn wininet.dll geïnfecteerd is, daar heb ik niets van gezien, dus dat stukje heeft hij niet gedaan. Ik heb hieronder wel mijn rapport.txt en mijn huidige Hijackthislog : (maar mijn pc geeft nog steeds dezelfde symptomen hoor )

        SmitFraudFix v2.274

        Scan done at 15:50:00,15, vr 18/01/2008
        Run from C:\Documents and Settings\Dirk\Bureaublad\SmitfraudFix
        OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in safe mode

        »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        »»»»»»»»»»»»»»»»»»»»»»»» Killing process


        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        127.0.0.1 localhost

        »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

        S!Ri's WS2Fix: LSP not Found.


        »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

        GenericRenosFix by S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

        C:\WINDOWS\system32\drvhaz.dll Deleted

        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

        IEDFix.exe by S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        HKLM\SYSTEM\CS2\Services\Tcpip\..\{BB036E3D-AD6C-4934-9C6B-462F22C4FB81}: DhcpNameServer=192.168.0.1
        HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

        Registry Cleaning done.

        »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» End




        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 16:30:33, on 18/01/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
        C:\WINDOWS\system32\CTsvcCDA.EXE
        C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Eset\nod32krn.exe
        C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\system32\RunDll32.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        C:\Program Files\eFax Messenger 4.3\J2GTray.exe
        C:\WINDOWS\system32\MsPMSPSv.exe
        C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
        C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
        O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
        O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
        O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
        O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
        O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
        O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
        O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_LPS
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
        O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
        O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
        O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
        O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
        O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
        O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
        O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
        O15 - Trusted Zone: http://toolbar.imageshack.us
        O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790
        O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
        O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116/view22/View22RTE.cab
        O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
        O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
        O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
        O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
        O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Dirk\LOCALS~1\Temp\hpdj00.exe (file missing)
        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
        O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

        --
        End of file - 11895 bytes

        Comment

        • Juisterr



          • Jun 2005
          • 14812

          #5
          O ja ?

          Download Java Runtime Environment (JRE) 6u4.
          • Scroll omlaag naar : "Java Runtime Environment (JRE) 6u4".
          • Klik op de "Download" knop aan de rechterkant.
          • In het uitklapmenu rechts naast Platform, selecteer Windows
          • Vink aan: "I agree to the Java SE Runtime Environment 6 License Agreement", en klik op Continue.
          • De pagina zal herladen.
          • Klik op de jre-6u4-windows-i586-p.exe link ONDER Windows Offline Installation en bewaar het naar je Bureaublad.
          • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
          • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
          • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
          • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
          • Herhaal dit tot alle oudere versies verdwenen zijn.
          • Na het verwijderen van alle oudere versies, herstart je pc.
          • Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.



          Download Combofix naar je Bureaublad.
          Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

          OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
          • Dubbelklik op Combofix.exe
            Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door ENTER.
            Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

          Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
          Plaats dit log in je volgende post samen met een nieuw HijackThis log.

          Windows 10 opstarten in Veilige Modus

          Comment

          • Dirkskefriet
            • Jan 2008
            • 8

            #6
            Bij het opstarten krijg ik nu alleszins die meldingen niet meer van pmkji.exe en die andere ook niet.
            Misschien ben ik dus wel van mijn beestjes vanaf , maar ik weet nu nog niet hoe ik terug kan online geraken, want die toets op mijn klavier voor mijn wireless aan te zetten, reageert nog niet ???
            Ik heb ook mijn AVGfree terug opnieuw geïnstalleerd en die werkt precies ook , maar ik kan hem niet updaten omdat ik niet online geraak
            Dus graag nog die laatste stap ook aub ...

            Hieronder mijn 2 logjes :

            ComboFix 08-01-20.1 - Dirk 2008-01-21 15:33:18.1 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.600 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Dirk\Bureaublad\ComboFix.exe
            * Nieuw herstelpunt werd aangemaakt

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .
            The following files were disabled during the run:
            C:\WINDOWS\system32\wmfhotfix.dll


            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\adaway.lic
            C:\WINDOWS\system32\_000005_.tmp.dll
            C:\WINDOWS\system32\mcrh.tmp

            .
            (((((((((((((((((((( Bestanden Gemaakt van 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))
            .

            2008-01-21 15:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
            2008-01-21 15:31 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
            2008-01-21 15:30 . 2008-01-21 15:31 <DIR> d-------- C:\Program Files\Java
            2008-01-21 15:30 . 2008-01-21 15:30 <DIR> d-------- C:\Program Files\Common Files\Java
            2007-12-30 20:47 . 2007-12-30 20:47 <DIR> d-------- C:\Program Files\Trend Micro
            2007-12-30 20:47 . 2007-12-30 20:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2007-12-30 19:52 . 2007-12-30 19:52 <DIR> d-------- C:\Program Files\Lavasoft
            2007-12-30 19:52 . 2007-12-30 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2007-12-30 15:16 . 2008-01-06 10:21 <DIR> d-------- C:\VundoFix Backups

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2020-01-13 13:45 --------- d-----w C:\Documents and Settings\Anneken\Application Data\SmartDraw
            2020-01-13 08:22 --------- d-----w C:\Documents and Settings\Dirk\Application Data\SmartDraw
            2008-01-16 20:57 15,264 ----a-w C:\Documents and Settings\Dirk\Application Data\wklnhst.dat
            2007-12-29 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2007-12-29 12:37 --------- d-----w C:\Program Files\Launch Manager
            2007-12-29 12:37 --------- d-----w C:\Program Files\eFax Messenger 4.3
            2007-12-29 10:42 --------- d-----w C:\Program Files\Microsoft ActiveSync
            2007-12-16 17:28 --------- d-----w C:\Documents and Settings\Dirk\Application Data\SmartFTP
            2007-12-07 15:17 --------- d-----w C:\Program Files\Panorama-speler-innoPlus
            2007-09-13 07:52 648 ----a-w C:\Documents and Settings\Anneken\Application Data\wklnhst.dat
            2005-09-14 09:18 8 --sh--r C:\WINDOWS\system32\6F4823E4A3.sys
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
            "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [ ]
            "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
            "SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 16:52 128000 C:\WINDOWS\system32\sbusbdll.dll]
            "RTHDCPL"="RTHDCPL.EXE"
            "RemoteCenter"=""
            "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
            "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
            "NWEReboot"=""
            "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [ ]
            "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [ ]
            "InstantOn"="C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-03-26 00:07 93640]
            "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
            "CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [ ]
            "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [ ]
            "AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 15:24 88203 C:\WINDOWS\AGRSMMSG.exe]
            "CTHelper"="CTHELPER.EXE" [2003-06-09 03:07 28672 C:\WINDOWS\system32\CTHELPER.EXE]
            "DevconDefaultDB"="C:\WINDOWS\READREG /PSCONV={NO} /NO_LPS" [ ]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
            eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2007-11-06 20:42:11 629248]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
            "{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\nnnljkk.dll [ ]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
            C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-10-03 22:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
            "AppInit_DLLs"=C:\WINDOWS\system32\wmfhotfix.dll

            R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-10-27 16:39]
            R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
            S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
            S2 hpdj00;hpdj00;C:\DOCUME~1\Dirk\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=hp psc 1400 series
            S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-06-08 02:35]
            S3 DCamUSBET;ET USB 2710 Camera;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-07-01 16:14]
            S3 FiltUSBET;ET USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2005-07-06 10:36]
            S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2005-06-10 08:39]
            S3 ScanUSBET;ET USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-07-01 16:14]

            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-01-21 15:41:00
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            PROCESS: C:\WINDOWS\system32\winlogon.exe
            -> C:\WINDOWS\system32\wmfhotfix.dll

            PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
            -> C:\WINDOWS\system32\wmfhotfix.dll

            PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
            -> C:\WINDOWS\system32\wmfhotfix.dll
            .
            Voltooingstijd: 2008-01-21 15:44:03 - machine was rebooted
            ComboFix-quarantined-files.txt 2008-01-21 14:44:00
            .
            2007-12-15 09:42:33 --- E O F ---


            en die van Hijackthis :

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 15:48:42, on 21/01/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
            C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
            C:\WINDOWS\system32\CTsvcCDA.EXE
            C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Eset\nod32krn.exe
            C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            C:\Program Files\CyberLink\Shared Files\RichVideo.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
            C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\RunDll32.exe
            C:\WINDOWS\AGRSMMSG.exe
            C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
            C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            C:\Program Files\eFax Messenger 4.3\J2GTray.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
            O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
            O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
            O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
            O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
            O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
            O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
            O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
            O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
            O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
            O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
            O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
            O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
            O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
            O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_LPS
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
            O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
            O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
            O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
            O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
            O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
            O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
            O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
            O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
            O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
            O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
            O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
            O15 - Trusted Zone: http://toolbar.imageshack.us
            O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790
            O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
            O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
            O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
            O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116/view22/View22RTE.cab
            O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
            O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
            O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
            O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
            O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
            O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
            O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Dirk\LOCALS~1\Temp\hpdj00.exe (file missing)
            O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
            O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
            O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
            O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
            O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
            O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
            O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

            --
            End of file - 11421 bytes

            Comment

            • Juisterr



              • Jun 2005
              • 14812

              #7
              Open een kladblok bestand en kopieer onderstaande vetgedrukte tekst in dat kladblokbestand:
              cd..
              cd..
              sc delete hpdj00


              Sla het op op je bureaublad als sc.bat met als type "alle bestanden"
              Dubbelklik sc.bat.

              Herstart je pc.


              vertel even hoe het nu gaat .

              Windows 10 opstarten in Veilige Modus

              Comment

              • Dirkskefriet
                • Jan 2008
                • 8

                #8
                Mijn wireless werkt nog steeds niet, maar ik merk nu wel dat mijn lampje (LED) van mijn harde schijf pinkt als ik op die toets van wireless druk. (mss was dat vroeger ook al, maar heb ik het toen niet opgemerkt).
                Dus graag nog een poging aub .
                Thnx

                Comment

                • Juisterr



                  • Jun 2005
                  • 14812

                  #9
                  Plaats in dat geval nog eens een nieuw gemaakt HJT logje, het kan zijn dat je probleem niets te maken heeft met malware of virus.

                  Windows 10 opstarten in Veilige Modus

                  Comment

                  • Dirkskefriet
                    • Jan 2008
                    • 8

                    #10
                    hier is een vers logje :
                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 11:08:46, on 27/01/2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
                    C:\WINDOWS\system32\CTsvcCDA.EXE
                    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    C:\Program Files\Eset\nod32krn.exe
                    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
                    C:\WINDOWS\system32\HPZipm12.exe
                    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                    C:\WINDOWS\system32\RunDll32.exe
                    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\MsPMSPSv.exe
                    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
                    C:\WINDOWS\AGRSMMSG.exe
                    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
                    C:\Program Files\eFax Messenger 4.3\J2GTray.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
                    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
                    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
                    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
                    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
                    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
                    O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
                    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
                    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
                    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
                    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
                    O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_LPS
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
                    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                    O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
                    O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
                    O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
                    O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
                    O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
                    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
                    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
                    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
                    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
                    O15 - Trusted Zone: http://toolbar.imageshack.us
                    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
                    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                    O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab
                    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124454307790
                    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
                    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
                    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
                    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116/view22/View22RTE.cab
                    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
                    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
                    O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
                    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
                    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
                    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
                    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                    O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
                    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

                    --
                    End of file - 11976 bytes

                    Comment

                    • Juisterr



                      • Jun 2005
                      • 14812

                      #11
                      Er staan zo te zien twee actieve antivirusscanners op je pc , gebruik je soms hitmanpro?

                      Zet iig de trial van NOD32 uit. Vertel even of dat verbetering geeft.

                      Windows 10 opstarten in Veilige Modus

                      Comment

                      • Dirkskefriet
                        • Jan 2008
                        • 8

                        #12
                        Ik heb het gevonden. Het probleem zat em in het stuurprogrammaatje voor de snelkeuzetoetsen op mijn klavier. Dat was "verdwenen". Hergeïnstalleerd en probleem opgelost.
                        Van harte bedankt voor de deskundige hulp. De donatie volgt dra
                        MVG Dirk

                        Comment

                        • Juisterr



                          • Jun 2005
                          • 14812

                          #13
                          Uit naam van het forum hartelijk dank. Ik zet de tread op opgelost.

                          Windows 10 opstarten in Veilige Modus

                          Comment

                          Sorry, you are not authorized to view this page
                          Working...
                          X