
Trouble with pop-ups.

  • Trouble with pop-ups.

    Hi,

    Would someone mind taking a look at my log?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:18:16, on 30-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\mrofinu1535.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKLM\..\Run: [a0bef045] rundll32.exe "C:\WINDOWS\system32\wakvpmaw.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Enchanted .url
    O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://www.dlrpfans.be/divxwebplayer/DivXBrowserPlugin.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --
    End of file - 7569 bytes

    I'm having trouble with pop-ups, and messages that something is wrong with IE, and the like.

    Regards,
    Robin.

  • #2
    Download Malwarebytes' Anti-Malware to your desktop.
    Double-click mbam-setup.exe and choose "Next" to install the tool.
    When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
    Then press "Finish".
    In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
    Press the "Scan" button and make sure all your hard drives/partitions are ticked.
    Then press the "Start Scan" button.
    When the scan has finished, click OK, then "Show Results" to see the results.
    Make sure everything is ticked, then click "Remove Selected".
    If the program wants to restart your computer, allow it.
    After that a log opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
    Post this log in your next message, together with a new HijackThis log.



    • #3
      Hi,

      Here is the log from the program:

      Malwarebytes' Anti-Malware 1.09
      Database versie: 568

      Scan type: Volledige Scan (C:\|D:\|G:\|H:\|I:\|J:\|)
      Objecten gescand: 210509
      Verstreken tijd: 46 minute(s), 49 second(s)

      Geheugenprocessen geïnfecteerd: 1
      Geheugenmodulen geïnfecteerd: 3
      Registersleutels geïnfecteerd: 18
      Registerwaarden geïnfecteerd: 2
      Registerdata bestanden geïnfecteerd: 1
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 19

      Geheugenprocessen geïnfecteerd:
      c:\WINDOWS\mrofinu1535.exe (Trojan.Downloader) -> Unloaded process successfully.

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\byXPjJaX.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\wakvpmaw.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\ssqPjHwU.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2cb08d22-7cf9-4f90-8015-ec627ba8b8ed} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{2cb08d22-7cf9-4f90-8015-ec627ba8b8ed} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpjhwu (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxpjjax -> Quarantined and deleted successfully.

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      c:\WINDOWS\mrofinu1535.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\byXPjJaX.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\XaJjPXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\XaJjPXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wakvpmaw.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\wampvkaw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ssqPjHwU.dll (Trojan.Vundo) -> Delete on reboot.
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20070916-130120-781.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP10\A0008212.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP10\A0008213.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP10\A0025834.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034487.dll (Worm.Voterai) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034490.dll (Worm.Voterai) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034532.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034533.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034534.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP37\A0046091.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\WINDOWS\AutoUpdateWin32.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\AutoUpdateWin33.exe (Adware.Agent) -> Quarantined and deleted successfully.

      And here is a new HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:41:28, on 30-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\arservice.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\ARPWRMSG.EXE
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      c:\windows\system\hpsysdrv.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: {f157e23b-4699-dc79-ae94-dc7292942923} - {32924929-27cd-49ea-97cd-9964b32e751f} - C:\WINDOWS\system32\yxxxqtgx.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
      O4 - HKLM\..\Run: [a0bef045] rundll32.exe "C:\WINDOWS\system32\wakvpmaw.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - Startup: Enchanted .url
      O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://www.dlrpfans.be/divxwebplayer/DivXBrowserPlugin.cab
      O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

      --
      End of file - 8188 bytes

      So far no more trouble with pop-ups. Only after the restart that the program asked me for, I got a message about a .dll file. It said something about me not having a legal version of Windows.

      Regards,
      Robin.



      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        ren C:\WINDOWS\system32\yxxxqtgx.dll yxxxqtgx.bak
        ren C:\WINDOWS\system32\wakvpmaw.dll wakvpmaw.bak
        ECHO Deleting files>>log.txt
        FOR %%g in (
        C:\WINDOWS\system32\yxxxqtgx.bak
        C:\WINDOWS\system32\wakvpmaw.bak
        C:\WINDOWS\system32\yxxxqtgx.dll
        C:\WINDOWS\system32\wakvpmaw.dll) DO (
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        For "Save in" choose: Desktop
        For "File name" enter: del.bat
        For "Save as type" select: All Files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.



        • #5
          Hi,

          Here is the log:

          Deleting files
          C:\WINDOWS\system32\yxxxqtgx.bak not deleted
          C:\WINDOWS\system32\wakvpmaw.bak not found
          C:\WINDOWS\system32\yxxxqtgx.dll not found
          C:\WINDOWS\system32\wakvpmaw.dll not found

          Regards,
          Robin.



          • #6
            Restart your computer.

            Double-click del.bat once more and post the log.



            • #7
              Hi,

              Now it only says something about a wakvpmaw.dll file that isn't right, in the Windows folder.

              Log:

              Deleting files
              C:\WINDOWS\system32\yxxxqtgx.bak deleted
              C:\WINDOWS\system32\wakvpmaw.bak not found
              C:\WINDOWS\system32\yxxxqtgx.dll not found
              C:\WINDOWS\system32\wakvpmaw.dll not found

              Regards,
              Robin.



              • #8
                Start HijackThis once more and tick only the following lines:
                O2 - BHO: {f157e23b-4699-dc79-ae94-dc7292942923} - {32924929-27cd-49ea-97cd-9964b32e751f} - C:\WINDOWS\system32\yxxxqtgx.dll
                O4 - HKLM\..\Run: [a0bef045] rundll32.exe "C:\WINDOWS\system32\wakvpmaw.dll",b

                Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                Download this file: zoek.exe
                Double-click it; after a while a log opens.
                Post the contents of this log in your next message.

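One way to automate the comparison between the Malwarebytes scan log and the follow-up HijackThis log in this thread, as an added example that is not part of the original posts: the Python below reports autostart entries that still point at a file the scanner flagged, and entries that appear only in the later HijackThis log. The sample lines are excerpted and shortened from the logs above; the function names and regular expressions are assumptions of this example, not part of either tool.

```python
import re

# Sample input: lines excerpted (and shortened) from the logs posted in this thread.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe
O4 - HKLM\..\Run: [a0bef045] rundll32.exe "C:\WINDOWS\system32\wakvpmaw.dll",b
"""

HJT_AFTER = r"""
O2 - BHO: {f157e23b-4699-dc79-ae94-dc7292942923} - {32924929-27cd-49ea-97cd-9964b32e751f} - C:\WINDOWS\system32\yxxxqtgx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [a0bef045] rundll32.exe "C:\WINDOWS\system32\wakvpmaw.dll",b
"""

MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\mrofinu1535.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wakvpmaw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssqPjHwU.dll (Trojan.Vundo) -> Delete on reboot.
"""

# "R1 - ..." / "O4 - ..." style HijackThis entry: section code, then the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# Drive-letter path ending in .exe or .dll; spaces are allowed ("Program Files").
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|,]+?\.(?:exe|dll)", re.IGNORECASE)
# Malwarebytes file/module line: "<path> (<detection>) -> <action>".
# Registry lines start with HKEY_ and therefore do not match.
MBAM_FILE_RE = re.compile(r"^([A-Za-z]:\\.+?) \(([^)]+)\) -> (.+)$")


def parse_hjt(text):
    """Return (section, body, [lower-cased file paths]) for each HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            paths = [p.lower() for p in PATH_RE.findall(m.group(2))]
            entries.append((m.group(1), m.group(2), paths))
    return entries


def parse_mbam_files(text):
    """Map lower-cased file path -> (detection name, action taken)."""
    detections = {}
    for line in text.splitlines():
        m = MBAM_FILE_RE.match(line.strip())
        if m:
            detections[m.group(1).lower()] = (m.group(2), m.group(3))
    return detections


def stale_references(hjt_text, mbam_text):
    """HijackThis entries that still reference a file the scanner flagged."""
    detections = parse_mbam_files(mbam_text)
    hits = []
    for section, _body, paths in parse_hjt(hjt_text):
        for path in paths:
            if path in detections:
                hits.append((section, path, detections[path][0]))
    return hits


def new_entries(before_text, after_text):
    """Entries present in the later log but absent from the earlier one."""
    seen = {(s, b.lower()) for s, b, _ in parse_hjt(before_text)}
    return [(s, b) for s, b, _ in parse_hjt(after_text)
            if (s, b.lower()) not in seen]


if __name__ == "__main__":
    for section, path, name in stale_references(HJT_AFTER, MBAM_LOG):
        print(f"leftover {section} entry -> {path} ({name})")
    for section, body in new_entries(HJT_BEFORE, HJT_AFTER):
        print(f"new {section} entry: {body}")
```

Entries reported as new are candidates for review, not verdicts: in the sample the Java helper shows up as new alongside the randomly named DLL.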


                • #9
                  Hi,

                  Did everything you said, here is the log:

                  ======C:\WINDOWS====
                  ----a-w 0 2008-03-31 05:08:07 C:\WINDOWS\0.log
                  --s-a-w 2,048 2008-03-31 05:07:06 C:\WINDOWS\bootstat.dat
                  ----a-w 272,915 2008-03-16 11:15:22 C:\WINDOWS\comsetup.log
                  ----a-w 210,430 2008-03-29 14:36:57 C:\WINDOWS\DirectX.log
                  ----a-w 12,298 2008-03-10 12:37:25 C:\WINDOWS\DPINST.LOG
                  ----a-w 45,729 2008-03-16 11:15:22 C:\WINDOWS\ehOCGen.log
                  ----a-w 808,068 2008-03-16 11:15:21 C:\WINDOWS\FaxSetup.log
                  ----a-w 903,525 2008-03-16 11:15:22 C:\WINDOWS\iis6.log
                  ----a-w 1,374 2008-03-16 11:15:11 C:\WINDOWS\imsins.BAK
                  ----a-w 1,374 2008-03-16 11:15:22 C:\WINDOWS\imsins.log
                  ----a-w 12,906 2008-03-15 09:40:14 C:\WINDOWS\KB885884.log
                  ----a-w 75,719 2008-03-10 02:03:03 C:\WINDOWS\KB888302.log
                  ----a-w 87,070 2008-03-10 02:04:20 C:\WINDOWS\KB890046.log
                  ----a-w 66,149 2008-03-10 02:01:07 C:\WINDOWS\KB890859.log
                  ----a-w 97,282 2008-03-10 02:06:22 C:\WINDOWS\KB893756.log
                  ----a-w 61,015 2008-03-10 02:01:39 C:\WINDOWS\KB896428.log
                  ----a-w 111,391 2008-03-10 02:07:42 C:\WINDOWS\KB899587.log
                  ----a-w 96,963 2008-03-10 02:06:35 C:\WINDOWS\KB899591.log
                  ----a-w 71,161 2008-03-10 02:02:30 C:\WINDOWS\KB900725.log
                  ----a-w 96,314 2008-03-10 02:06:42 C:\WINDOWS\KB901017.log
                  ----a-w 84,556 2008-03-10 02:03:43 C:\WINDOWS\KB905414.log
                  ----a-w 64,522 2008-03-10 02:01:54 C:\WINDOWS\KB905749.log
                  ----a-w 95,216 2008-03-10 02:06:08 C:\WINDOWS\KB911280.log
                  ----a-w 97,291 2008-03-10 02:06:49 C:\WINDOWS\KB911927.log
                  ----a-w 64,492 2008-03-10 02:01:47 C:\WINDOWS\KB913580.log
                  ----a-w 86,185 2008-03-10 02:03:50 C:\WINDOWS\KB914388.log
                  ----a-w 62,264 2008-03-10 02:01:19 C:\WINDOWS\KB914389.log
                  ----a-w 78,645 2008-03-10 02:03:22 C:\WINDOWS\KB918118.log
                  ----a-w 86,929 2008-03-10 02:04:27 C:\WINDOWS\KB918439.log
                  ----a-w 85,681 2008-03-10 02:03:56 C:\WINDOWS\KB919007.log
                  ----a-w 113,310 2008-03-10 07:09:42 C:\WINDOWS\KB920213.log
                  ----a-w 86,574 2008-03-10 02:04:33 C:\WINDOWS\KB920670.log
                  ----a-w 74,705 2008-03-10 02:01:26 C:\WINDOWS\KB920683.log
                  ----a-w 95,964 2008-03-10 02:06:29 C:\WINDOWS\KB920685.log
                  ----a-w 102,952 2008-03-10 02:07:20 C:\WINDOWS\KB922819.log
                  ----a-w 77,827 2008-03-10 02:03:34 C:\WINDOWS\KB923191.log
                  ----a-w 99,391 2008-03-10 02:07:13 C:\WINDOWS\KB923414.log
                  ----a-w 96,270 2008-03-10 02:06:15 C:\WINDOWS\KB923980.log
                  ----a-w 92,653 2008-03-10 02:05:42 C:\WINDOWS\KB924270.log
                  ----a-w 88,896 2008-03-10 02:05:48 C:\WINDOWS\KB924667.log
                  ----a-w 52,476 2008-03-28 06:38:10 C:\WINDOWS\KB925766.log
                  ----a-w 86,564 2008-03-10 02:04:49 C:\WINDOWS\KB925902.log
                  ----a-w 36,933 2008-03-15 11:51:39 C:\WINDOWS\KB926239.log
                  ----a-w 50,814 2008-03-10 02:05:24 C:\WINDOWS\KB926251.log
                  ----a-w 78,909 2008-03-10 02:03:15 C:\WINDOWS\KB926255.log
                  ----a-w 85,837 2008-03-10 02:04:14 C:\WINDOWS\KB926436.log
                  ----a-w 110,085 2008-03-10 02:07:34 C:\WINDOWS\KB927779.log
                  ----a-w 104,320 2008-03-10 02:07:27 C:\WINDOWS\KB927802.log
                  ----a-w 99,591 2008-03-10 02:06:56 C:\WINDOWS\KB928255.log
                  ----a-w 71,055 2008-03-10 02:04:41 C:\WINDOWS\KB929123.log
                  ----a-w 19,186 2008-03-16 11:15:22 C:\WINDOWS\KB929399.log
                  ----a-w 86,814 2008-03-10 02:04:02 C:\WINDOWS\KB930178.log
                  ----a-w 63,878 2008-03-10 02:02:06 C:\WINDOWS\KB930916.log
                  ----a-w 89,546 2008-03-10 02:05:36 C:\WINDOWS\KB931261.log
                  ----a-w 126,135 2008-03-10 07:09:49 C:\WINDOWS\KB932168.log
                  ----a-w 57,708 2008-03-10 02:02:18 C:\WINDOWS\KB935840.log
                  ----a-w 74,980 2008-03-10 02:06:01 C:\WINDOWS\KB936021.log
                  ----a-w 22,384 2008-03-16 11:15:01 C:\WINDOWS\KB936782.log
                  ----a-w 86,080 2008-03-10 02:07:06 C:\WINDOWS\KB937894.log
                  ----a-w 98,618 2008-03-10 02:02:00 C:\WINDOWS\KB938127-IE7.log
                  ----a-w 73,659 2008-03-10 02:05:54 C:\WINDOWS\KB938828.log
                  ----a-w 72,638 2008-03-10 02:04:56 C:\WINDOWS\KB938829.log
                  ----a-w 13,925 2008-03-16 11:15:11 C:\WINDOWS\KB939683.log
                  ----a-w 66,265 2008-03-10 02:03:28 C:\WINDOWS\KB941202.log
                  ----a-w 74,446 2008-03-10 02:03:09 C:\WINDOWS\KB941568.log
                  ----a-w 37,297 2008-03-15 13:23:22 C:\WINDOWS\KB941569.log
                  ----a-w 79,671 2008-03-10 02:05:30 C:\WINDOWS\KB941644.log
                  ----a-w 101,198 2008-03-10 02:04:09 C:\WINDOWS\KB942763.log
                  ----a-w 57,034 2008-03-10 02:01:33 C:\WINDOWS\KB943055.log
                  ----a-w 57,923 2008-03-10 02:02:12 C:\WINDOWS\KB943485.log
                  ----a-w 101,747 2008-03-10 02:02:57 C:\WINDOWS\KB944533-IE7.log
                  ----a-w 55,327 2008-03-10 02:01:13 C:\WINDOWS\KB944653.log
                  ----a-w 80,551 2008-03-10 02:05:01 C:\WINDOWS\KB946026.log
                  ----a-w 2,416 2008-03-29 12:16:25 C:\WINDOWS\medblker.Log
                  ----a-w 108,921 2008-03-29 12:16:19 C:\WINDOWS\MedCtrOC.log
                  ----a-w 6,289 2008-03-29 21:51:49 C:\WINDOWS\mgxoschk.ini
                  ----a-w 31,742 2008-03-15 11:51:02 C:\WINDOWS\MSCompPackV1.log
                  ----a-w 40,064 2008-03-16 11:15:21 C:\WINDOWS\msgsocm.log
                  ----a-w 248,222 2008-03-16 11:15:21 C:\WINDOWS\msmqinst.log
                  ----a-w 153,491 2008-03-16 11:15:21 C:\WINDOWS\netfxocm.log
                  ----a-w 164,826 2008-03-16 11:15:22 C:\WINDOWS\ntdtcsetup.log
                  ----a-w 390,654 2008-03-16 11:15:21 C:\WINDOWS\ocgen.log
                  ----a-w 49,634 2008-03-16 11:15:22 C:\WINDOWS\ocmsn.log
                  ----a-w 395 2008-03-13 14:27:16 C:\WINDOWS\ODBC.INI
                  ----a-w 93,439 2008-03-16 11:15:21 C:\WINDOWS\plusoc.log
                  ----a-w 17,016 2008-03-30 19:58:23 C:\WINDOWS\SchedLgU.Txt
                  ----a-w 71,476 2008-03-28 06:38:05 C:\WINDOWS\setupapi.log
                  ----a-w 1,037,055 2008-03-16 11:14:52 C:\WINDOWS\setupapi.log.1.old
                  ----a-w 92,810 2008-03-29 12:16:25 C:\WINDOWS\spupdsvc.log
                  ----a-w 40,169 2008-03-16 11:15:22 C:\WINDOWS\tabletoc.log
                  ----a-w 370,021 2008-03-16 11:15:22 C:\WINDOWS\tsoc.log
                  ----a-w 88,094 2008-03-28 06:38:09 C:\WINDOWS\updspapi.log
                  ----a-w 159 2008-03-26 06:21:18 C:\WINDOWS\wiadebug.log
                  ----a-w 49 2008-03-26 06:21:19 C:\WINDOWS\wiaservc.log
                  ----a-w 507 2008-03-15 11:50:23 C:\WINDOWS\win.ini
                  ----a-w 2,030,673 2008-03-31 09:42:08 C:\WINDOWS\WindowsUpdate.log
                  ----a-w 71,847 2008-03-15 11:49:50 C:\WINDOWS\WMFDist11.log
                  ----a-w 52,382 2008-03-15 11:50:25 C:\WINDOWS\wmp11.log
                  ----a-w 49,587 2008-03-30 19:00:29 C:\WINDOWS\wmsetup.log
                  ----a-w 1,782 2008-03-15 11:50:23 C:\WINDOWS\wmsetup10.log
                  ----a-w 316,640 2008-03-15 11:49:47 C:\WINDOWS\WMSysPr9.prx
                  ----a-w 39,489 2008-03-15 11:49:16 C:\WINDOWS\Wudf01000Inst.log

                  Entries: 102 (101)
                  Directories: 0 Files: 102
                  Bytes: 12,711,497 Blocks: 24,880
                  ======C:\WINDOWS\system32=====
                  ----a-w 16,832 2008-03-15 12:50:58 C:\WINDOWS\System32\amcompat.tlb
                  ----a-w 1,884,848 2008-03-29 19:11:33 C:\WINDOWS\System32\FNTCACHE.DAT
                  ----a-w 93 2008-03-10 20:54:53 C:\WINDOWS\System32\LuResult.txt
                  ----a-w 23,392 2008-03-15 12:50:58 C:\WINDOWS\System32\nscompat.tlb
                  ----a-w 68,694 2008-03-31 05:09:29 C:\WINDOWS\System32\nvapps.xml
                  ----a-w 53,572 2008-03-30 11:45:02 C:\WINDOWS\System32\perfc009.dat
                  ----a-w 70,546 2008-03-30 11:45:02 C:\WINDOWS\System32\perfc013.dat
                  ----a-w 381,828 2008-03-30 11:45:02 C:\WINDOWS\System32\perfh009.dat
                  ----a-w 443,836 2008-03-30 11:45:02 C:\WINDOWS\System32\perfh013.dat
                  ----a-w 959,226 2008-03-30 11:45:01 C:\WINDOWS\System32\PerfStringBackup.INI
                  ----a-w 138,760 2008-03-10 02:04:05 C:\WINDOWS\System32\TZLog.log
                  ----a-w 1,158 2008-03-29 12:15:47 C:\WINDOWS\System32\wpa.dbl

                  Entries: 12 (12)
                  Directories: 0 Files: 12
                  Bytes: 4,042,785 Blocks: 7,902
                  =======C:\Program Files=====
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  =======C:=====
                  --sha-w 1,072,222,208 2008-03-31 05:06:59 C:\hiberfil.sys
                  --sha-w 1,610,612,736 2008-03-31 05:06:57 C:\pagefile.sys
                  ---ha-w 232 2008-03-31 06:59:26 C:\sqmdata00.sqm
                  ---ha-w 232 2008-03-31 12:19:40 C:\sqmdata01.sqm
                  ---ha-w 232 2008-03-31 13:49:34 C:\sqmdata02.sqm
                  ---ha-w 232 2008-03-29 13:44:07 C:\sqmdata03.sqm
                  ---ha-w 232 2008-03-29 13:44:07 C:\sqmdata04.sqm
                  ---ha-w 232 2008-03-29 13:44:11 C:\sqmdata05.sqm
                  ---ha-w 232 2008-03-29 13:44:14 C:\sqmdata06.sqm
                  ---ha-w 232 2008-03-29 14:27:52 C:\sqmdata07.sqm
                  ---ha-w 232 2008-03-29 15:09:30 C:\sqmdata08.sqm
                  ---ha-w 232 2008-03-29 21:15:57 C:\sqmdata09.sqm
                  ---ha-w 232 2008-03-29 21:17:03 C:\sqmdata10.sqm
                  ---ha-w 232 2008-03-29 22:06:43 C:\sqmdata11.sqm
                  ---ha-w 232 2008-03-30 12:12:39 C:\sqmdata12.sqm
                  ---ha-w 232 2008-03-30 14:17:53 C:\sqmdata13.sqm
                  ---ha-w 232 2008-03-30 14:17:58 C:\sqmdata14.sqm
                  ---ha-w 232 2008-03-30 14:30:22 C:\sqmdata15.sqm
                  ---ha-w 232 2008-03-30 16:32:13 C:\sqmdata16.sqm
                  ---ha-w 232 2008-03-30 16:57:17 C:\sqmdata17.sqm
                  ---ha-w 232 2008-03-30 18:38:06 C:\sqmdata18.sqm
                  ---ha-w 232 2008-03-31 05:30:33 C:\sqmdata19.sqm
                  ---ha-w 244 2008-03-31 06:59:26 C:\sqmnoopt00.sqm
                  ---ha-w 244 2008-03-31 12:19:40 C:\sqmnoopt01.sqm
                  ---ha-w 244 2008-03-31 13:49:34 C:\sqmnoopt02.sqm
                  ---ha-w 244 2008-03-29 13:44:07 C:\sqmnoopt03.sqm
                  ---ha-w 244 2008-03-29 13:44:07 C:\sqmnoopt04.sqm
                  ---ha-w 244 2008-03-29 13:44:11 C:\sqmnoopt05.sqm
                  ---ha-w 244 2008-03-29 13:44:14 C:\sqmnoopt06.sqm
                  ---ha-w 244 2008-03-29 14:27:52 C:\sqmnoopt07.sqm
                  ---ha-w 244 2008-03-29 15:09:30 C:\sqmnoopt08.sqm
                  ---ha-w 244 2008-03-29 21:15:57 C:\sqmnoopt09.sqm
                  ---ha-w 244 2008-03-29 21:17:03 C:\sqmnoopt10.sqm
                  ---ha-w 244 2008-03-29 22:06:43 C:\sqmnoopt11.sqm
                  ---ha-w 244 2008-03-30 12:12:39 C:\sqmnoopt12.sqm
                  ---ha-w 244 2008-03-30 14:17:52 C:\sqmnoopt13.sqm
                  ---ha-w 244 2008-03-30 14:17:58 C:\sqmnoopt14.sqm
                  ---ha-w 244 2008-03-30 14:30:21 C:\sqmnoopt15.sqm
                  ---ha-w 244 2008-03-30 16:32:13 C:\sqmnoopt16.sqm
                  ---ha-w 244 2008-03-30 16:57:17 C:\sqmnoopt17.sqm
                  ---ha-w 244 2008-03-30 18:38:06 C:\sqmnoopt18.sqm
                  ---ha-w 244 2008-03-31 05:30:33 C:\sqmnoopt19.sqm

                  Entries: 42 (0)
                  Directories: 0 Files: 42
                  Bytes: 2,682,844,464 Blocks: 5,239,952
                  ======C:\Documents and Settings\HP_Administrator\Application Data======
                  ----a-w 25,128 2008-03-27 04:48:23 C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat

                  Entries: 1 (1)
                  Directories: 0 Files: 1
                  Bytes: 25,128 Blocks: 50
                  ======C:\Temp======
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  ======C:\Documents and Settings\HP_Administrator======
                  ----a-w 93 2008-03-10 20:54:32 C:\Documents and Settings\HP_Administrator\LuResult.txt
                  ----a-w 2,883,584 2008-03-30 19:58:43 C:\Documents and Settings\HP_Administrator\NTUSER.DAT
                  ----a-w 49,152 2008-03-31 13:51:05 C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
                  --sh--w 188 2008-03-30 19:58:20 C:\Documents and Settings\HP_Administrator\ntuser.ini
                  ----a-w 28 2008-03-12 15:50:00 C:\Documents and Settings\HP_Administrator\sc_serv.ban

                  Entries: 5 (4)
                  Directories: 0 Files: 5
                  Bytes: 2,933,045 Blocks: 5,731
                  =============

                  Regards,
                  Robin.



                  • #10
                    I don't see anything bad

                    Do this as well:

                    Your Java software is outdated.
                    Older versions have vulnerabilities that give malware the chance to install itself on your system.
                    First follow these steps to uninstall Java and install the newer version:
                    • Download Java Runtime Environment (JRE) 6u5 and save it to your Desktop.
                    • Close all programs that may be open - especially your web browser!
                    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list.
                    • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                    • Then click Remove or the Change/Remove button.
                    • Repeat this until all older versions are gone.
                    • After removing all older versions, restart your PC.
                    • Then double-click jre-6u5-windows-i586-p-s.exe on your Desktop to install the newest version of Java.


                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    See here how to turn off your System Restore.
                    This removes any remnants of the infections from your System Restore.

                    Finally, post a new HijackThis log as a check

                    Comment
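The check behind the advice in post #10 (an outdated JRE visible in the log) can be automated. The following is an added example, not part of the thread or of HijackThis: it parses a HijackThis log, collects every JRE install directory it references, and compares the versions against 6u5. The function names and the two sample logs (shortened excerpts built from lines in this thread) are assumptions of the example.

```python
import re
from collections import defaultdict

# Baseline from the advice in post #10: JRE 6u5, seen in the later log as jre1.6.0_05.
BASELINE = (1, 6, 0, 5)

# Install-directory naming as it appears in the logs, e.g. \Java\jre1.5.0_06\
JRE_DIR = re.compile(r"\\Java\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)
# HijackThis entry lines start with a section code such as R1, O2, O4, O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()  # forum copies are often indented
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False  # first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def jre_sightings(text):
    """Map each JRE version tuple to the log locations that reference it."""
    processes, entries = parse_log(text)
    seen = defaultdict(list)
    for where, body in [("process", p) for p in processes] + entries:
        for m in JRE_DIR.finditer(body):
            major, minor, patch, update = m.groups()
            seen[(int(major), int(minor), int(patch), int(update or 0))].append(where)
    return dict(seen)


def outdated(text, baseline=BASELINE):
    """Return the JRE versions in the log that are older than the baseline."""
    return sorted(v for v in jre_sightings(text) if v < baseline)


# Constructed excerpt of the first log in the thread (before the Java update).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
"""

# Constructed excerpt of the follow-up log (after installing 6u5).
LOG_AFTER = r"""Running processes:
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
"""

if __name__ == "__main__":
    print("before:", outdated(LOG_BEFORE))
    print("after: ", outdated(LOG_AFTER))
```

Only the `jre1.x.y_zz` directory naming seen in this thread's logs is recognised; a JRE installed under a differently named directory would not be reported.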


                    • #11
                      Hi,

                      Sorry it took a while!

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 14:50:46, on 1-4-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\arservice.exe
                      C:\Program Files\Bonjour\mDNSResponder.exe
                      C:\WINDOWS\eHome\ehRecvr.exe
                      C:\WINDOWS\eHome\ehSched.exe
                      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\dllhost.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\ehome\ehtray.exe
                      C:\WINDOWS\RTHDCPL.EXE
                      C:\WINDOWS\ARPWRMSG.EXE
                      C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
                      C:\WINDOWS\eHome\ehmsas.exe
                      C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
                      C:\WINDOWS\system32\rundll32.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\HP\KBD\KBD.EXE
                      c:\windows\system\hpsysdrv.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\WINDOWS\system32\NOTEPAD.EXE
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
                      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
                      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                      O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
                      O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
                      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
                      O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
                      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                      O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
                      O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
                      O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                      O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
                      O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                      O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                      O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
                      O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
                      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://www.dlrpfans.be/divxwebplayer/DivXBrowserPlugin.cab
                      O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
                      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
                      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

                      --
                      End of file - 8365 bytes

                      I think it all worked! Thank you very much once again!

                      Regards,
                      Robin.



                      • #12
                        You're welcome

                        The log looks good again
