Mededeling

Collapse
No announcement yet.

celldorado sites

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • celldorado sites

    Hallo allemaal,

    Als Internet Explorer even draait dan worden automatisch nieuwe vensters geopend die beginnen met CiD:www. (Celldorado). Hoe kom ik hier vanaf?
    Hieronder mijn HijackThis logbestand. Bedankt alvast.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:50:47, on 04-04-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
    O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
    O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
    O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe"
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [Tvs] "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MATH DOES FIRST MODE] "C:\Documents and Settings\All Users\Application Data\live 64 math does\byte bolt.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKCU\..\Run: [Heck 01] C:\DOCUME~1\ILAGRO~1.ILA\APPLIC~1\SKIPSE~1\beepokay.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182363839531
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

  • #2
    Probeer dit programma eens: LOP-uninstall.exe of LOP-uninstall.zip
    Voer bij “Uninstall verification“ de zevencijferige code in en klik “Uninstall“
    Klik bij “Legal notice” OK
    Sluit alle vensters en klik OK
    Wacht .......en klik bij “Uninstall complete for all users“ OK.

    Doe daarna dit:
    Download dit bestand: Deljob.exe (mirror)
    Dubbelklik Deljob.exe.
    Een logje(logit.txt) zal openen.
    Post de inhoud van logit.txt in je volgende bericht.

    Post ook een nieuw logje van Hijackthis

    Comment


    • #3
      Hallo Stef,

      Hierbij de 2log-bestanden:
      LOP:
      --------------------------------------------------------
      No LOP job-files found
      --------------------------------------------------------
      Files in Windows Tasks folder

      AppleSoftwareUpdate.job
      Easy Onderhoud.job
      Norton Security Scan.job
      --------------------------------------------------------
      Export App Data folders
      --------------------------------------------------------
      Het volume in station C heeft geen naam.
      Het volumenummer is A4C1-B699

      Map van C:\Documents and Settings\Ila groot bluemink.ILA\Application
      Data

      07-04-08 13:20 <DIR> .
      07-04-08 13:20 <DIR> ..
      19-02-08 21:40 <DIR> Adobe
      05-08-07 00:21 <DIR> AdobeUM
      19-06-07 23:53 <DIR> Ahead
      22-10-07 16:38 <DIR> APPLEC~1 Apple Computer
      28-06-07 23:24 <DIR> Google
      19-06-07 22:21 <DIR> Grisoft
      12-06-07 04:31 <DIR> IDENTI~1 Identities
      17-02-08 17:24 <DIR> INSTAL~1 InstallShield
      11-06-07 20:12 <DIR> Intel
      28-07-07 09:19 <DIR> INTERV~1 InterVideo
      31-03-08 23:35 <DIR> LimeWire
      21-03-08 15:50 <DIR> LIONHE~1 Lionhead Studios
      30-06-07 13:12 <DIR> MACROM~1 Macromedia
      21-06-07 23:37 <DIR> MEDIAP~1 Media Player Classic
      27-01-08 22:56 <DIR> MICROS~1 Microsoft
      22-02-08 11:46 <DIR> Real
      25-06-07 23:39 <DIR> Sun
      12-06-07 04:31 <DIR> toshiba
      19-06-07 22:19 <DIR> TUNEUP~1 TuneUp Software
      0 bestand(en) 0 bytes
      21 map(pen) 28.611.719.168 bytes beschikbaar
      Het volume in station C heeft geen naam.
      Het volumenummer is A4C1-B699

      Map van C:\Documents and Settings\All Users\Application Data

      04-04-08 20:41 <DIR> .
      04-04-08 20:41 <DIR> ..
      07-11-07 19:07 <DIR> Adobe
      13-06-07 19:34 <DIR> ADOBES~1 Adobe Systems
      22-10-07 16:36 <DIR> Apple
      22-10-07 16:38 <DIR> APPLEC~1 Apple Computer
      28-06-07 23:24 <DIR> Google
      20-06-07 19:06 <DIR> Grisoft
      11-06-07 20:12 <DIR> Intel
      21-03-08 15:41 <DIR> LIONHE~1 Lionhead Studios
      19-03-08 17:21 <DIR> LIVE64~1 live 64 math does
      26-07-07 11:16 <DIR> MESSEN~1 Messenger Plus!
      25-03-08 21:12 <DIR> MICROS~1 Microsoft
      16-06-07 14:53 <DIR> Nero
      13-06-07 00:08 <DIR> Pinnacle
      12-06-07 23:57 <DIR> PINNAC~1 Pinnacle Studio
      12-06-07 04:31 <DIR> SBSI
      20-06-07 00:13 <DIR> SMARTS~1 SmartSound Software Inc
      16-06-07 20:06 <DIR> Symantec
      12-06-07 21:15 <DIR> TUNEUP~1 TuneUp Software
      13-06-07 15:37 <DIR> WINDOW~1 Windows Genuine Advantage
      28-06-07 23:25 <DIR> WinZip
      17-11-07 11:17 <DIR> WLINST~1 WLInstaller
      0 bestand(en) 0 bytes
      23 map(pen) 28.611.719.168 bytes beschikbaar
      --------------------------------------------------------
      All User Accounts
      --------------------------------------------------------
      All Users
      Ila groot bluemink.ILA
      Intel
      --------------------------------------------------------

      Hijackthis:
      Logfile of HijackThis v1.99.1
      Scan saved at 13:23:29, on 07-04-08
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Photoshop Elements
      3.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Common Files\Apple\Mobile Device
      Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      C:\Program Files\Adobe\Photoshop Elements
      3.0\PhotoshopElementsDeviceConnect.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      C:\WINDOWS\system32\TODDSrv.exe
      C:\WINDOWS\system32\TPSMain.exe
      C:\WINDOWS\system32\ZoomingHook.exe
      C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
      C:\WINDOWS\system32\TCtrlIOHook.exe
      C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
      C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\WINDOWS\system32\TPSBattM.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
      C:\Program Files\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
      C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}
      - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO -
      {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
      Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
      c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
      O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and
      Launch\PadExe.exe"
      O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
      O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA
      Applet\HWSetup.exe" hwSetUP
      O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows
      Utilities\SVPWUTIL.exe" SVPwUTIL
      O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
      O4 - HKLM\..\Run: [SmoothView] "C:\Program
      Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe"
      O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [Tvs] "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc
      Writer\\ddwmon.exe"
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program
      Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program
      Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe"
      /WAITSERVICE
      O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common
      Files\Ahead\Lib\NeroCheck.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware
      7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [PinnacleDriverCheck]
      "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
      Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
      Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
      Alternative\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
      Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program
      Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp
      Utilities 2007\MemOptimizer.exe" autostart
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
      /background
      O4 - HKCU\..\Run: [swg] C:\Program
      Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Picasa Media Detector] "C:\Program
      Files\Picasa2\PicasaMediaDetector.exe"
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common
      Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk =
      C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
      Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office10\OSA.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
      Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
      Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
      C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
      %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
      {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
      Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
      Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown
      Class) -
      http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
      http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/clien
      t/wuweb_site.cab?1182363839531
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader
      Control) -
      http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient
      Class) -
      http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags
      Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
      C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
      C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
      C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program
      Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) -
      Unknown owner - C:\Program Files\Adobe\Photoshop Elements
      3.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program
      Files\Common Files\Apple\Mobile Device
      Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
      Files\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. -
      C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION -
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
      Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
      Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program
      Files\iPod\bin\iPodService.exe
      O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) -
      Unknown owner - C:\Program Files\Norton Internet Security\Norton
      AntiVirus\navapsvc.exe (file missing)
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero
      BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
      Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
      Files\Eset\nod32krn.exe
      O23 - Service: Photoshop Elements Device Connect
      (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program
      Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) -
      Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) -
      Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA
      Corporation - C:\WINDOWS\system32\TODDSrv.exe

      Ik heb nu Internet Explorer een tijdje aanstaan en een beetje gesurft en ik zie nog geen rare dingen. Ik denk dat het werkt!


      Bedankt en groeten,
      Hans
      Last edited by hansvanloon; 07-04-08, 14:15. Reden: intussen kleine test gedaan

      Comment


      • #4
        Doe dit nog:

        Open een kladblokbestand.
        Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        ECHO Deleting folders>>log.txt
        FOR %%I in (
        "C:\Documents and Settings\All Users\Application Data\live 64 math does") DO (
        IF EXIST %%I (
        RD /S /Q %%I
        IF EXIST %%I (
        ECHO %%I not deleted>>log.txt
        ) ELSE (
        ECHO %%I deleted>>log.txt)
        ) ELSE (
        ECHO %%I not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Ga naar Bestand - Opslaan als.
        Bij "Opslaan in" kies je: Bureaublad
        Bij "Bestandsnaam" zet je: del.bat
        Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
        Klik op de knop Opslaan.

        Dubbelklik op del.bat en post de inhoud van de logfile die opent.

        Comment


        • #5
          Hallo Smeenk,

          Hierbijde inhoud van de logfile:
          Deleting folders
          "C:\Documents and Settings\All Users\Application Data\live 64 math does"
          deleted

          Comment


          • #6
            Doe dit nog:
            Je Java software is verouderd.
            Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
            Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
            • Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
            • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
            • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
            • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
            • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
            • Herhaal dit tot alle oudere versies verdwenen zijn.
            • Na het verwijderen van alle oudere versies, herstart je pc.
            • Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.


            Download ATF cleaner (mirror)(gemaakt door Atribune)

            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

            Dubbelklik op ATF cleaner om het programma te starten.
            Op het tabblad "Main", plaats je een vinkje bij Select All.
            Klik op de knop Empty Selected.

            Het volgende doen als je ook FireFox als browser hebt:
            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
            Klik op de knop Empty Selected.

            Het volgende doen als je ook Opera als browser hebt:
            Klik op tabblad "Opera", plaats een vinkje bij Select All.
            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            Klik op de knop Empty Selected.
            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
            Kijk hier hoe je je systeemherstel moet uitschakelen.
            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

            Dan denk ik dat we klaar zijn

            Comment


            • #7
              Bedankt!!

              Comment


              • #8
                Graag gedaan hoor

                Comment

                Sorry, you are not authorized to view this page
                Working...
                X