Mededeling

Collapse
No announcement yet.

POP ups etc antivirusscherm etc

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    POP ups etc antivirusscherm etc

    ls,

    heb sinds kort last van bovengenoemde popups en een zeer trage pc als gevolg daar van. ik runde ad aware. Hierna kreeg ik spybot al niet meer gedownload, mijn internet verbinding is op de een of andere manier geblokt zo lijkt het. Ik heb de log van hijack this ook toegevoegd.

    alvast bedankt voor de hulp

    ron

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:34:02, on 17-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\System32\UMonit.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\System32\locator.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\System32\tlntsvr.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\rundll32.exe
    c:\windows\system32\drivers\services.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero8\InCD\InCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Sitecom\Sitecom WL-115v2 Wireless LAN Card\Installer\WLANUTL.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe
    C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Ron\Desktop\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?sourceid=navclient&hl=nl&ie=UTF-8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = host-148-244-150-52.block.alestra.net.mx:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\UMonit.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CloneCDTray] "D:\clonecd\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [b8afd985] rundll32.exe "C:\WINDOWS\system32\prnytejn.dll",b
    O4 - HKLM\..\Run: [BMbb9cea19] Rundll32.exe "C:\WINDOWS\system32\swwochra.dll",s
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-115v2 Wireless LAN Card\Installer\WLANUTL.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/iss-loc/mwfs/3.1.0.0/WscWlanScannerCtrl.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.73.77.59/activex/AxisCamControl.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp03.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{900A0920-959A-4988-B2FA-0087785D3CAA}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: Windows Services Control - FileZilla Project - c:\windows\system32\drivers\services.exe

    --
    End of file - 16646 bytes
    Labels: Geen
    • Citaat
  • #2
    Download Malwarebytes' Anti-Malware via hier of hier.

    Dubbelklik mbam-setup.exe om het programma te installeren.
    • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
    • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
    • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
    • Het scannen kan een tijdje duren, dus wees geduldig.
    • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
    • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
    • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
    • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
    • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

    Extra opmerking:
    Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.
    • Citaat

    Comment

    • #3
      anti malware gedraaid, krijg nu legio meldingen na opstarten, dit zijn de gevraagde logs...

      Malwarebytes' Anti-Malware 1.12
      Database versie: 722

      Scan type: Snelle Scan
      Objecten gescand: 51327
      Verstreken tijd: 42 minute(s), 24 second(s)

      Geheugenprocessen geïnfecteerd: 1
      Geheugenmodulen geïnfecteerd: 4
      Registersleutels geïnfecteerd: 16
      Registerwaarden geïnfecteerd: 3
      Registerdata bestanden geïnfecteerd: 2
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 11

      Geheugenprocessen geïnfecteerd:
      C:\WINDOWS\system32\drivers\services.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\cbXopnnk.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\mvusavpr.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\prnytejn.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\pmnoLbcY.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b92fb867-9158-46b0-8621-5fbe8b229ba3} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{b92fb867-9158-46b0-8621-5fbe8b229ba3} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Spyware.OnlineGames) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnolbcy (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows services control (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windows services control (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows services control (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b8afd985 (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMbb9cea19 (Trojan.Agent) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Delete on reboot.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxopnnk -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxopnnk -> Delete on reboot.

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      C:\WINDOWS\system32\cbXopnnk.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\knnpoXbc.ini (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\knnpoXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mvusavpr.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\rpvasuvm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\prnytejn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\njetynrp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\rrjgstix.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\pmnoLbcY.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\drivers\services.xml (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\drivers\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


      en de hijack this log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:25:31, on 18-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\System32\UMonit.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      C:\WINDOWS\System32\CTsvcCDA.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\WINDOWS\SM1BG.EXE
      C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\WINDOWS\system32\IoctlSvc.exe
      C:\WINDOWS\System32\locator.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Google\Google Talk\googletalk.exe
      C:\WINDOWS\System32\tlntsvr.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
      C:\Program Files\Nero\Nero8\InCD\InCD.exe
      C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Sitecom\Sitecom WL-115v2 Wireless LAN Card\Installer\WLANUTL.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Documents and Settings\Ron\Desktop\HiJackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?sourceid=navclient&hl=nl&ie=UTF-8
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = host-148-244-150-52.block.alestra.net.mx:80
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - (no file)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: {9040a9c5-c71d-65ba-6934-3a145158615a} - {a5168515-41a3-4396-ab56-d17c5c9a0409} - C:\WINDOWS\system32\jdsdmeby.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: (no name) - {B92FB867-9158-46B0-8621-5FBE8B229BA3} - (no file)
      O2 - BHO: (no name) - {d4d0304e-c055-424a-aaa8-d0fcd282d404} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
      O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
      O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\UMonit.exe
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
      O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [CloneCDTray] "D:\clonecd\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-115v2 Wireless LAN Card\Installer\WLANUTL.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O15 - Trusted Zone: *.musicmatch.com
      O15 - Trusted Zone: *.musicmatch.com (HKLM)
      O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/iss-loc/mwfs/3.1.0.0/WscWlanScannerCtrl.cab
      O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
      O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
      O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
      O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.73.77.59/activex/AxisCamControl.cab
      O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp03.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
      O17 - HKLM\System\CCS\Services\Tcpip\..\{900A0920-959A-4988-B2FA-0087785D3CAA}: NameServer = 192.168.1.1
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O18 - Filter hijack: text/html - (no CLSID) - (no file)
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
      O20 - Winlogon Notify: pmnoLbcY - C:\WINDOWS\
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
      O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

      --
      End of file - 18050 bytes


      ben benieuwd...

      alvast bedankt

      Ron
      • Citaat

      Comment

      • #4
        TeaTimer van Spybot is actief, deze moet uitgeschakeld worden omdat deze wijzigingen met Hijackthis weer ongedaan gaat maken.

        Spybot openen > Modus > Geavanceerde modus > Gereedschap > Resident > TeaTimer uitschakelen > PC Herstarten

        Download het volgende naar je bureaublad:
        http://downloads.subratam.org/ResetTeaTimer.bat

        Dubbelklik daarna op ResetTeaTimer.bat.
        Dit zal de voorgaande items die je toegelaten hebt of geblokkeerd hebt via teatimer terug resetten.

        Start Hijackthis en vink alleen de volgende regels aan:
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
        R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
        O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - (no file)
        O2 - BHO: {9040a9c5-c71d-65ba-6934-3a145158615a} - {a5168515-41a3-4396-ab56-d17c5c9a0409} - C:\WINDOWS\system32\jdsdmeby.dll
        O2 - BHO: (no name) - {B92FB867-9158-46B0-8621-5FBE8B229BA3} - (no file)
        O2 - BHO: (no name) - {d4d0304e-c055-424a-aaa8-d0fcd282d404} - (no file)
        O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
        O18 - Filter hijack: text/html - (no CLSID) - (no file)
        O20 - Winlogon Notify: pmnoLbcY - C:\WINDOWS\
        Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

        Herstart je Computer.

        Post na de herstart een nieuw logje van Hijackthis
        • Citaat

        Comment

        • #5
          nog een logje

          hopelijk alles goed gedaan, dit is de nieuwe log

          groet,

          ron

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 8:28:46, on 19-5-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
          C:\WINDOWS\System32\CTsvcCDA.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\IoctlSvc.exe
          C:\WINDOWS\System32\locator.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\tlntsvr.exe
          C:\WINDOWS\System32\MsPMSPSv.exe
          C:\Program Files\Windows Media Player\WMPNetwk.exe
          C:\WINDOWS\System32\alg.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\WINDOWS\System32\wbem\wmiprvse.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\System32\UMonit.exe
          C:\Program Files\Logitech\iTouch\iTouch.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
          C:\WINDOWS\system32\CTHELPER.EXE
          C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Logitech\MouseWare\system\em_exec.exe
          C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
          C:\WINDOWS\system32\RunDll32.exe
          C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
          C:\WINDOWS\SM1BG.EXE
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
          C:\Program Files\DAEMON Tools\daemon.exe
          C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\Google\Google Talk\googletalk.exe
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
          C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
          C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          C:\Program Files\Nero\Nero8\InCD\InCD.exe
          C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
          C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
          C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
          C:\PROGRA~1\MI3AA1~1\rapimgr.exe
          C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
          C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          C:\Program Files\Sitecom\Sitecom WL-115v2 Wireless LAN Card\Installer\WLANUTL.exe
          C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
          C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Documents and Settings\Ron\Desktop\HiJackThis.exe
          C:\WINDOWS\System32\wbem\wmiprvse.exe
          C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
          C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
          C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?sourceid=navclient&hl=nl&ie=UTF-8
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = host-148-244-150-52.block.alestra.net.mx:80
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
          O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\UMonit.exe
          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
          O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
          O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
          O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
          O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
          O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
          O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
          O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
          O4 - HKLM\..\Run: [CloneCDTray] "D:\clonecd\CloneCDTray.exe" /s
          O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
          O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
          O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
          O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
          O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
          O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
          O4 - Global Startup: BTTray.lnk = ?
          O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
          O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-115v2 Wireless LAN Card\Installer\WLANUTL.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O15 - Trusted Zone: *.musicmatch.com
          O15 - Trusted Zone: *.musicmatch.com (HKLM)
          O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/iss-loc/mwfs/3.1.0.0/WscWlanScannerCtrl.cab
          O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
          O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
          O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
          O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
          O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031024/qtinstall.info.apple.com/abarth/nl/win/QuickTimeFullInstaller.exe
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
          O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.73.77.59/activex/AxisCamControl.cab
          O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
          O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp03.photoprintit.de/microsite/5/defaults/activex/XUpload.ocx
          O17 - HKLM\System\CCS\Services\Tcpip\..\{900A0920-959A-4988-B2FA-0087785D3CAA}: NameServer = 192.168.1.1
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O18 - Filter hijack: text/html - (no CLSID) - (no file)
          O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
          O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
          O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
          O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
          O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
          O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

          --
          End of file - 17670 bytes
          • Citaat

          Comment

          • #6
            Ziet er toch al veel beter uit zo

            Download: RVAXO.exe
            • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
            • Start de computer in veilige modus.
            • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
              Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
            • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
            • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
              Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
            • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
            • Post de inhoud van de logfile in je volgende bericht.
            Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log
            • Citaat

            Comment

            • #7
              en nog mar eens een logje

              het is ongelofelijk dit.....

              wederom hoop ik dat het allemaal goed is gegan

              ron

              ---RVAXO.exe Updated: 2008-05-18---first run---
              Uninstallers:

              Files found:
              C:\WINDOWS\BMbb9cea19.xml
              C:\WINDOWS\BMbb9cea19.txt
              C:\WINDOWS\pskt.ini
              C:\WINDOWS\wininit.ini
              C:\WINDOWS\cookies.ini
              C:\WINDOWS\system32\packet.dll
              C:\WINDOWS\system32\wpcap.dll
              C:\WINDOWS\system32\clkcnt.txt
              C:\WINDOWS\system32\mcrh.tmp
              C:\Documents and Settings\Ron\Application Data\inst.exe
              C:\WINDOWS\system32\exec1.exe

              Folders Found:

              Hosts-file was reset, If you use a custom hosts file please replace it...

              --------------RVAXO.exe last run---------------
              Not deleted items:

              --------------RVAXO.exe finished----------------


              ======C:\WINDOWS====
              ----a-w 0 2008-05-19 07:40:19 C:\WINDOWS\0.log
              --s-a-w 2,048 2008-05-19 07:38:23 C:\WINDOWS\bootstat.dat
              ----a-w 440,675 2008-04-10 01:03:54 C:\WINDOWS\comsetup.log
              ----a-w 1,279,341 2008-04-10 01:03:54 C:\WINDOWS\FaxSetup.log
              ----a-w 1,552,342 2008-04-10 01:03:54 C:\WINDOWS\iis6.log
              ----a-w 1,374 2008-04-10 01:03:44 C:\WINDOWS\imsins.BAK
              ----a-w 1,374 2008-04-10 01:03:54 C:\WINDOWS\imsins.log
              ----a-w 20,114 2008-04-10 01:03:44 C:\WINDOWS\KB941693.log
              ----a-w 12,606 2008-04-10 01:01:07 C:\WINDOWS\KB945553.log
              ----a-w 20,642 2008-04-10 01:03:33 C:\WINDOWS\KB947864-IE7.log
              ----a-w 12,552 2008-04-10 01:02:56 C:\WINDOWS\KB948590.log
              ----a-w 15,362 2008-04-10 01:03:54 C:\WINDOWS\KB948881.log
              ----a-w 3,323 2008-05-13 18:45:30 C:\WINDOWS\KB950749.log
              ----a-w 91,871 2008-04-10 01:03:54 C:\WINDOWS\MedCtrOC.log
              ----a-w 65,036 2008-04-10 01:03:54 C:\WINDOWS\msgsocm.log
              ----a-w 423,966 2008-04-10 01:03:53 C:\WINDOWS\msmqinst.log
              ----a-w 202 2008-05-18 20:15:03 C:\WINDOWS\NeroDigital.ini
              ----a-w 225,129 2008-04-10 01:03:54 C:\WINDOWS\netfxocm.log
              ----a-w 272,272 2008-04-10 01:03:54 C:\WINDOWS\ntdtcsetup.log
              ----a-w 670,671 2008-04-10 01:03:54 C:\WINDOWS\ocgen.log
              ----a-w 68,860 2008-04-10 01:03:54 C:\WINDOWS\ocmsn.log
              ----a-w 1,409 2008-04-17 18:19:19 C:\WINDOWS\QTFont.for
              ---ha-w 54,156 2008-05-16 14:51:48 C:\WINDOWS\QTFont.qfn
              ----a-w 32,484 2008-05-19 07:26:39 C:\WINDOWS\SchedLgU.Txt
              ----a-w 473,876 2008-05-19 07:20:13 C:\WINDOWS\setupapi.log
              ----a-w 274 2008-05-19 07:36:40 C:\WINDOWS\system.ini
              ----a-w 62,964 2008-04-10 01:03:54 C:\WINDOWS\tabletoc.log
              ----a-w 609,834 2008-04-10 01:03:54 C:\WINDOWS\tsoc.log
              ----a-w 117,180 2008-04-10 01:03:22 C:\WINDOWS\updspapi.log
              ----a-w 159 2008-05-19 07:39:45 C:\WINDOWS\wiadebug.log
              ----a-w 49 2008-05-19 07:39:38 C:\WINDOWS\wiaservc.log
              ----a-w 922 2008-05-19 07:36:40 C:\WINDOWS\win.ini
              ----a-w 1,220,734 2008-05-19 07:26:37 C:\WINDOWS\WindowsUpdate.log

              Entries: 33 (31)
              Directories: 0 Files: 33
              Bytes: 7,753,801 Blocks: 15,159
              ======C:\WINDOWS\system32=====
              ----a-w 123,392 2008-05-13 20:22:15 C:\WINDOWS\System32\bahgrxse.dll
              --sh--w 1,074 2008-05-14 20:28:01 C:\WINDOWS\System32\cellirvn.ini
              ----a-w 123,456 2008-05-13 19:31:01 C:\WINDOWS\System32\duvdpsly.dll
              --sh--w 1,556,404 2008-05-14 20:35:07 C:\WINDOWS\System32\eglsklfd.ini
              --sh--w 1,505,070 2008-05-13 18:40:13 C:\WINDOWS\System32\eqpfhkxy.ini
              ----a-w 324,216 2008-04-10 01:11:35 C:\WINDOWS\System32\FNTCACHE.DAT
              ----a-w 133,632 2008-05-13 20:27:22 C:\WINDOWS\System32\gejxfqbn.dll
              --sh--w 1,469,306 2008-05-16 20:29:33 C:\WINDOWS\System32\gocsvfek.ini
              ----a-w 125,952 2008-05-15 20:24:20 C:\WINDOWS\System32\idbxmwic.dll
              ----a-w 133,120 2008-05-18 17:23:32 C:\WINDOWS\System32\jdsdmeby.dll
              ----a-w 6,300 2008-05-04 06:59:30 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
              ----a-w 297 2008-05-11 21:07:47 C:\WINDOWS\System32\MsiExec.exe.log
              ------w 117,248 2008-05-18 18:10:10 C:\WINDOWS\System32\mvusavpr.dll
              ----a-w 133,120 2008-05-14 20:27:23 C:\WINDOWS\System32\ofnorrdo.dll
              ----a-w 64,372 2008-04-12 01:04:08 C:\WINDOWS\System32\perfc009.dat
              ----a-w 409,232 2008-04-12 01:04:08 C:\WINDOWS\System32\perfh009.dat
              ----a-w 460,756 2008-04-12 01:04:08 C:\WINDOWS\System32\PerfStringBackup.INI
              ----a-w 133,696 2008-05-13 19:35:58 C:\WINDOWS\System32\pglmwkyd.dll
              ------w 124,928 2008-05-18 18:10:10 C:\WINDOWS\System32\rrjgstix.dll
              ----a-w 822,596 2008-05-18 09:59:44 C:\WINDOWS\System32\RVAXO.bat
              ----a-w 60,800 2008-05-16 14:46:29 C:\WINDOWS\System32\S32EVNT1.DLL
              ----a-w 125,952 2008-05-16 20:25:42 C:\WINDOWS\System32\swwochra.dll
              --sh--w 414 2008-05-13 20:18:50 C:\WINDOWS\System32\tfviutpa.ini
              ----a-w 8,442 2008-05-19 07:40:16 C:\WINDOWS\System32\TVersityMediaServer.log
              ----a-w 2,262 2008-05-19 07:40:55 C:\WINDOWS\System32\wpa.dbl
              ----a-w 133,120 2008-05-15 20:33:20 C:\WINDOWS\System32\xnostbfr.dll
              ----a-w 133,632 2008-05-13 18:43:23 C:\WINDOWS\System32\ywpefavv.dll

              Entries: 27 (22)
              Directories: 0 Files: 27
              Bytes: 8,232,789 Blocks: 16,088
              ======C:\WINDOWS\system32\drivers=====
              ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
              ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys
              ----a-w 28,352 2008-05-13 18:41:13 C:\WINDOWS\System32\drivers\MxlW2k.sys
              ----a-w 10,545 2008-04-21 11:52:36 C:\WINDOWS\System32\drivers\srtsp.cat
              ----a-w 1,415 2008-04-21 11:52:36 C:\WINDOWS\System32\drivers\srtsp.inf
              ----a-w 279,088 2008-04-21 11:52:36 C:\WINDOWS\System32\drivers\srtsp.sys
              ----a-w 10,549 2008-04-21 11:52:36 C:\WINDOWS\System32\drivers\srtspl.cat
              ----a-w 1,430 2008-04-21 11:52:36 C:\WINDOWS\System32\drivers\srtspl.inf
              ----a-w 317,616 2008-04-21 11:52:38 C:\WINDOWS\System32\drivers\srtspl.sys
              ----a-w 10,549 2008-04-21 11:52:38 C:\WINDOWS\System32\drivers\srtspx.cat
              ----a-w 1,421 2008-04-21 11:52:38 C:\WINDOWS\System32\drivers\srtspx.inf
              ----a-w 43,696 2008-04-21 11:52:38 C:\WINDOWS\System32\drivers\srtspx.sys
              ----a-w 10,740 2008-05-16 14:46:30 C:\WINDOWS\System32\drivers\SYMEVENT.CAT
              ----a-w 805 2008-05-16 14:46:29 C:\WINDOWS\System32\drivers\SYMEVENT.INF
              ----a-w 123,952 2008-05-16 14:46:29 C:\WINDOWS\System32\drivers\SYMEVENT.SYS

              Entries: 15 (15)
              Directories: 0 Files: 15
              Bytes: 883,070 Blocks: 1,731
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              --sh--r 389 2008-05-19 07:36:40 C:\boot.ini
              ----a-w 556 2008-05-19 07:36:38 C:\firstrun6.log
              ----a-w 290 2008-04-10 19:12:10 C:\fox.log
              --sha-w 2,145,386,496 2008-05-19 07:38:11 C:\pagefile.sys
              ----a-w 691 2008-05-19 07:41:14 C:\RVAXO-results.log
              ----a-w 6,563 2008-05-19 07:41:15 C:\RVAXO-Vfind.log

              Entries: 6 (4)
              Directories: 0 Files: 6
              Bytes: 2,145,394,985 Blocks: 4,190,227
              ======C:\Documents and Settings\Ron\Application Data======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Documents and Settings\Ron======
              ----a-w 1,024 2008-05-11 21:01:54 C:\Documents and Settings\Ron\.rnd
              ----a-w 91 2008-05-16 17:49:44 C:\Documents and Settings\Ron\default.pls
              ----a-w 12,582,912 2008-05-19 07:37:01 C:\Documents and Settings\Ron\NTUSER.DAT
              ---ha-w 98,304 2008-05-19 07:41:03 C:\Documents and Settings\Ron\NTUSER.DAT.LOG
              --sh--w 278 2008-05-19 07:26:36 C:\Documents and Settings\Ron\ntuser.ini

              Entries: 5 (3)
              Directories: 0 Files: 5
              Bytes: 12,682,609 Blocks: 24,772
              ======C:\WINDOWS\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============
              • Citaat

              Comment

              • #8
                Open een kladblokbestand.
                Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                FOR %%g in (
                C:\WINDOWS\System32\bahgrxse.dll
                C:\WINDOWS\System32\cellirvn.ini
                C:\WINDOWS\System32\duvdpsly.dll
                C:\WINDOWS\System32\eglsklfd.ini
                C:\WINDOWS\System32\eqpfhkxy.ini
                C:\WINDOWS\System32\gejxfqbn.dll
                C:\WINDOWS\System32\gocsvfek.ini
                C:\WINDOWS\System32\idbxmwic.dll
                C:\WINDOWS\System32\jdsdmeby.dll
                C:\WINDOWS\System32\mvusavpr.dll
                C:\WINDOWS\System32\ofnorrdo.dll
                C:\WINDOWS\System32\pglmwkyd.dll
                C:\WINDOWS\System32\rrjgstix.dll
                C:\WINDOWS\System32\swwochra.dll
                C:\WINDOWS\System32\tfviutpa.ini
                C:\WINDOWS\System32\xnostbfr.dll
                C:\WINDOWS\System32\ywpefavv.dll) DO (
                DEL /Q %%gNUCIA
                IF EXIST %%g (
                ATTRIB -r -s -h %%g
                DEL %%g
                REN %%g *NUCIA
                IF EXIST %%gNUCIA (
                ECHO renamed to %%gNUCIA>>log.txt)
                IF EXIST %%g (
                ECHO %%g not deleted>>log.txt
                ) ELSE (
                ECHO %%g deleted>>log.txt)
                ) ELSE (
                ECHO %%g not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Ga naar Bestand - Opslaan als.
                Bij "Opslaan in" kies je: Bureaublad
                Bij "Bestandsnaam" zet je: del.bat
                Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
                Klik op de knop Opslaan.

                Dubbelklik op del.bat en post de inhoud van de logfile die opent.
                • Citaat

                Comment

                • #9
                  daar is ie weer het logje

                  Deleting files
                  C:\WINDOWS\System32\bahgrxse.dll deleted
                  C:\WINDOWS\System32\cellirvn.ini deleted
                  C:\WINDOWS\System32\duvdpsly.dll deleted
                  C:\WINDOWS\System32\eglsklfd.ini deleted
                  C:\WINDOWS\System32\eqpfhkxy.ini deleted
                  C:\WINDOWS\System32\gejxfqbn.dll deleted
                  C:\WINDOWS\System32\gocsvfek.ini deleted
                  C:\WINDOWS\System32\idbxmwic.dll deleted
                  C:\WINDOWS\System32\jdsdmeby.dll deleted
                  C:\WINDOWS\System32\mvusavpr.dll deleted
                  C:\WINDOWS\System32\ofnorrdo.dll deleted
                  C:\WINDOWS\System32\pglmwkyd.dll deleted
                  C:\WINDOWS\System32\rrjgstix.dll deleted
                  C:\WINDOWS\System32\swwochra.dll deleted
                  C:\WINDOWS\System32\tfviutpa.ini deleted
                  C:\WINDOWS\System32\xnostbfr.dll deleted
                  C:\WINDOWS\System32\ywpefavv.dll deleted
                  • Citaat

                  Comment

                  • #10
                    Doe dit nog:

                    Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                    Kijk hier hoe je je systeemherstel moet uitschakelen.
                    Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                    Dan denk ik dat we klaar zijn
                    • Citaat

                    Comment

                    • #11
                      zonder log

                      ik heb echt geen idee wat er allemaal is gebeurt, geeft ook niet,

                      ENORM BEDANKT

                      ron
                      • Citaat

                      Comment

                      • #12
                        Graag gedaan hoor
                        • Citaat

                        Comment

                        Vorige template Volgende
                        Sorry, you are not authorized to view this page
                        Working...
                        X