
winspyware

  • winspyware

    Hi, for the past 2 days I've been getting pop-ups from WINspyware that keep telling me I have about 10 trojans on my computer.
    While searching for sites via Google I keep getting this message:
    Insecure Internet activity. Threat of virus attack
    Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
    Also insecure Internet activity can result in revealing your personal information.
    To get full advanced real-time protection for PC and Internet activity, register WinSpywareProtect.
    We recommend you to protect your PC now and continue safe Internet browsing.
    Click here to get full advanced real-time protection and continue browsing.
    Continue to this website unprotected (not recommended).
    My virus scanner is AVG Free Edition 8.0, and as soon as I try to look at the winspyware site it goes off, warning that the site is not safe.

    Today, while playing an online game, I got the message that explorer.exe had failed and had to be closed, along with another important task on my computer.

    My HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 15:19:50, on 24-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Xfire\xfire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt\aaa.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WINDOWS INTERNET EXPLORER G0T 0WNED BY !ME! MUAHA
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: PrxPrx - {a4defe34-1ca4-480b-bc00-516e66be537d} - C:\WINDOWS\Resources\PrxPrx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

    What I would also like to know is whether the messages WinSpywareProtect gives about possible trojans are correct.

    Thanks in advance.
    Last edited by Imobilizer; 24-05-08, 16:20.

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files not found will quickly scroll by, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, then do this manually.
    • Post the contents of the log file in your next message.


    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do this!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In this case it may be better to temporarily disable your antivirus during the DSS scan)



    • #3
      ---RVAXO.exe Updated: 2008-05-21---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\ctfmona.exe
      C:\WINDOWS\system32\ctfmonb.bmp
      C:\WINDOWS\system32\blackster.scr
      C:\Program Files\antiviirus.exe
      C:\Program Files\tmp0.exe
      C:\Program Files\tmp1.exe
      C:\Program Files\tmp2.exe
      C:\WINDOWS\system32\actskn45.ocx

      Folders Found:
      C:\WINDOWS\System32\818646

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      Deckard's System Scanner is being downloaded now >>>>



      • #4
        main.txt:

        Deckard's System Scanner v20071014.68
        Run by raymond on 2008-05-24 17:08:44
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------

        -- System Restore --------------------------------------------------------------



        -- Last 4 Restore Point(s) --
        4: 2008-05-24 15:04:37 UTC - RP360 - Deckard's System Scanner Restore Point
        3: 2008-05-24 09:05:41 UTC - RP359 - Installed AVG Free 8.0
        2: 2008-05-23 14:08:55 UTC - RP358 - Last good restore point
        1: 2008-05-23 14:08:47 UTC - RP357 - Controlepunt van systeem


        Backed up registry hives.
        Performed disk cleanup.



        -- HijackThis (run as raymond.exe) ---------------------------------------------

        Logfile of HijackThis v1.99.1
        Scan saved at 17:10:37, on 24-5-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\SPAMfighter\SFAgent.exe
        C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\WINDOWS\ATKKBService.exe
        C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        D:\Program Files\iTunesHelper.exe
        C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
        C:\PROGRA~1\AVG\AVG8\avgtray.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\PnkBstrB.exe
        C:\Program Files\DNA\btdna.exe
        C:\Program Files\SPAMfighter\sfus.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
        C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
        C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
        C:\PROGRA~1\AVG\AVG8\avgrsx.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Documents and Settings\raymond\Bureaublad\dss.exe
        C:\hjt\raymond.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WINDOWS INTERNET EXPLORER G0T 0WNED BY !ME! MUAHA
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
        O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe"
        O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
        O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
        O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
        O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
        O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
        O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
        O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
        O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - AppInit_DLLs: avgrsstx.dll
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O21 - SSODL: PrxPrx - {a4defe34-1ca4-480b-bc00-516e66be537d} - C:\WINDOWS\Resources\PrxPrx.dll
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
        O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
        O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


        -- File Associations -----------------------------------------------------------

        All associations okay.


        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

        R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
        R1 StarOpen - c:\windows\system32\drivers\staropen.sys
        R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
        R3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

        S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
        S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbaudio.sys (file missing)


        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

        R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
        R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>


        -- Device Manager: Disabled ----------------------------------------------------

        Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
        Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
        Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_037C1462&REV_10\4&1F7DBC9F&0&68F0
        Manufacturer: Realtek Semiconductor Corp.
        Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
        PNP Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_037C1462&REV_10\4&1F7DBC9F&0&68F0
        Service: RTL8023xp


        -- Scheduled Tasks -------------------------------------------------------------

        2008-05-24 16:39:11 444 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
        2008-05-24 16:31:06 260 --a------ C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job
        2008-05-23 17:15:00 394 --a------ C:\WINDOWS\Tasks\Easy Onderhoud.job
        2008-05-23 15:00:00 414 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
        2008-05-22 16:21:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
        2008-03-20 06:43:10 378 --a------ C:\WINDOWS\Tasks\RegCure.job
        2008-03-20 04:30:00 416 --a------ C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
        2007-09-21 11:16:18 432 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
        2007-09-11 10:17:14 270 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
        2007-09-03 20:06:57 344 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


        -- Files created between 2008-04-24 and 2008-05-24 -----------------------------

        2008-05-24 16:52:42 0 d-------- C:\RVAXO
        2008-05-24 16:45:50 826539 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-05-24 16:45:50 69632 --a------ C:\WINDOWS\system32\remove.exe
        2008-05-24 16:42:21 0 d-------- C:\WINDOWS\pss
        2008-05-24 15:55:08 0 d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
        2008-05-24 15:54:53 0 d-------- C:\Program Files\PCPitstop
        2008-05-24 15:19:01 0 d-------- C:\hjt
        2008-05-24 13:37:34 0 d--h----- C:\$AVG8.VAULT$
        2008-05-24 11:06:15 0 d-------- C:\WINDOWS\system32\drivers\Avg
        2008-05-24 11:06:11 0 d-------- C:\Program Files\AVG
        2008-05-24 11:06:10 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
        2008-05-23 17:10:16 62910 --a------ C:\Program Files\Uninstall.exe <Not Verified; $PROGRAMNAME; $PROGRAMNAME>
        2008-05-23 17:10:16 0 --a------ C:\Program Files\uninstall.dat
        2008-05-23 16:07:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
        2008-05-20 15:28:52 0 d-------- C:\Program Files\VirtualDJ
        2008-04-30 13:01:21 0 d-------- C:\WINDOWS\A5W_DATA
        2008-04-30 13:00:53 415504 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
        2008-04-30 13:00:53 182784 --a------ C:\WINDOWS\system32\ddao35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
        2008-04-30 13:00:49 0 d-------- C:\Program Files\Davilex
        2008-04-26 16:10:29 0 d--h----- C:\WINDOWS\PIF


        -- Find3M Report ---------------------------------------------------------------

        2008-05-24 17:07:42 0 d-------- C:\Program Files\SPAMfighter
        2008-05-24 17:07:30 0 d-------- C:\Documents and Settings\raymond\Application Data\Skype
        2008-05-24 17:07:14 0 d-------- C:\Documents and Settings\raymond\Application Data\skypePM
        2008-05-24 16:57:37 0 d-------- C:\Documents and Settings\raymond\Application Data\DNA
        2008-05-24 15:38:33 0 d-------- C:\Documents and Settings\raymond\Application Data\Xfire
        2008-05-24 09:56:03 530240 --a------ C:\WINDOWS\system32\perfh013.dat
        2008-05-24 09:56:03 99736 --a------ C:\WINDOWS\system32\perfc013.dat
        2008-05-24 08:00:05 0 d-------- C:\Documents and Settings\raymond\Application Data\AVG7
        2008-05-21 18:01:01 0 d-------- C:\Documents and Settings\raymond\Application Data\LimeWire
        2008-05-03 17:19:29 0 d-------- C:\Documents and Settings\raymond\Application Data\Hamachi
        2008-05-02 20:20:43 0 d-------- C:\Program Files\LimeWire
        2008-04-30 19:01:53 0 d-------- C:\Program Files\Microsoft Silverlight
        2008-04-21 18:41:33 0 d-------- C:\Program Files\Safari
        2008-04-21 18:40:04 0 d-------- C:\Program Files\Apple Software Update
        2008-04-16 08:01:11 0 d-------- C:\Program Files\Java
        2008-04-14 15:52:41 0 d-------- C:\Program Files\Sony
        2008-04-14 15:47:05 0 d-------- C:\Program Files\Microsoft SQL Server
        2008-04-14 15:46:46 0 d-------- C:\Documents and Settings\raymond\Application Data\Sony
        2008-04-14 15:43:47 0 d-------- C:\Program Files\Sony Setup
        2008-04-14 15:40:33 0 d-------- C:\Program Files\Electronic Arts
        2008-04-14 15:38:30 0 d-------- C:\Program Files\The Sir. Community
        2008-04-10 18:48:42 229 --a------ C:\Program Files\desktop.ini
        2008-04-10 18:42:37 2731 --a------ C:\Program Files\hawaii1.jpg
        2008-04-07 17:26:00 0 d--h----- C:\Program Files\InstallShield Installation Information
        2008-04-07 17:17:56 0 d-------- C:\Documents and Settings\raymond\Application Data\TeamViewer
        2008-04-06 14:27:09 14920 --ah----- C:\WINDOWS\system32\mlfcache.dat
        2008-04-06 14:01:57 0 d-------- C:\Documents and Settings\raymond\Application Data\Apple Computer
        2008-04-06 13:20:06 0 d-------- C:\Program Files\iPod
        2008-04-06 13:18:29 0 d-------- C:\Program Files\QuickTime
        2008-04-03 16:48:06 0 d-------- C:\Documents and Settings\raymond\Application Data\BitTorrent
        2008-04-03 16:41:40 0 d-------- C:\Program Files\DNA
        2008-03-27 16:59:56 0 d-------- C:\Documents and Settings\raymond\Application Data\Real


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54192079-8E8A-43D8-BCBC-3874916159AF}]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 11:50]
        "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [31-10-2003 19:42]
        "SoundMan"="SOUNDMAN.EXE" [16-09-2004 14:39 C:\WINDOWS\SOUNDMAN.EXE]
        "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [24-05-2005 21:05]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
        "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11-03-2007 22:34]
        "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [02-01-2008 18:03]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 23:16]
        "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12-03-2008 21:44]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28-03-2008 23:37]
        "iTunesHelper"="D:\Program Files\iTunesHelper.exe" [30-03-2008 10:36]
        "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [24-05-2008 11:06]
        "PC Pitstop Optimize2 Reminder"="C:\Program Files\PCPitstop\Optimize2\Reminder.exe" [31-01-2008 13:54]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 14:00]
        "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18-10-2007 12:34]
        "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01-02-2008 18:22]
        "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [08-05-2008 10:10]

        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [6-7-2007 8:17:01]
        Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [17-12-2002 17:23:32]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
        "PrxPrx"= {a4defe34-1ca4-480b-bc00-516e66be537d} - C:\WINDOWS\Resources\PrxPrx.dll [24-05-2008 07:41 14886]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "appinit_dlls"=avgrsstx.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        hpdevmgmt hpqcxs08

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp




        -- End of Deckard's System Scanner: finished at 2008-05-24 17:11:14 ------------



        • #5
          Open a Notepad file.
          Copy the text below (everything in bold) into this Notepad file.

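          @ECHO OFF
          REM Start with a fresh log file in the current directory
          IF EXIST log.txt DEL log.txt
          ECHO Deleting files>>log.txt
          FOR %%g in (
          C:\WINDOWS\Resources\PrxPrx.dll) DO (
          REM Remove a renamed copy left behind by an earlier run
          DEL /Q %%gNUCIA
          IF EXIST %%g (
          REM Clear the read-only, system and hidden attributes, then try to delete
          ATTRIB -r -s -h %%g
          DEL %%g
          REM If the delete failed, rename the file so the next run can remove the renamed copy
          REN %%g *NUCIA
          IF EXIST %%gNUCIA (
          ECHO renamed to %%gNUCIA>>log.txt)
          IF EXIST %%g (
          ECHO %%g not deleted>>log.txt
          ) ELSE (
          ECHO %%g deleted>>log.txt)
          ) ELSE (
          ECHO %%g not found>>log.txt))
          REM Show the result
          START NOTEPAD.EXE log.txt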

          Go to File - Save As.
          For "Save in", choose: Desktop
          For "File name", enter: del.bat
          For "Save as type", select: All Files (*.*).
          Click the Save button.

          Double-click del.bat and post the contents of the log file that opens.



          • #6
            Deleting files
            renamed to C:\WINDOWS\Resources\PrxPrx.dllNUCIA
            C:\WINDOWS\Resources\PrxPrx.dll deleted

            By the way, a file on my C drive has been copied about 100 times. That doesn't really seem like a good sign to me; I could be wrong, but it doesn't seem right to me.
            Last edited by Imobilizer; 24-05-08, 18:05.



            • #7
              Restart your computer.

              After the restart, double-click del.bat once more.

              Start HijackThis and check only the following line:
              O21 - SSODL: PrxPrx - {a4defe34-1ca4-480b-bc00-516e66be537d} - C:\WINDOWS\Resources\PrxPrx.dll
              Close all open windows (except HijackThis) and click the "Fix checked" button.

              Now post a new HijackThis log for review and let us know whether there are still any problems.

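As an added example (not part of the original thread, and not HijackThis code), the script below parses the O2 (BHO) and O21 (SSODL) lines of a HijackThis log and flags registrations that point at a missing file or SSODL DLLs that load from outside system32. The sample input consists of lines copied from the logs in this thread; the system32 rule and the function name `triage` are assumptions made for this illustration.

```python
import ntpath
import re

# Line shapes as they appear in the HijackThis logs on this page:
#   O2 - BHO: <name> - {CLSID} - <dll path or "(no file)">
#   O21 - SSODL: <name> - {CLSID} - <dll path>
ENTRY_RE = re.compile(
    r"^(?P<code>O2|O21) - (?P<kind>BHO|SSODL): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# Assumption for this example: Windows is installed in C:\WINDOWS, as in these logs.
SYSTEM32 = ntpath.normcase(r"C:\WINDOWS\system32")

# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: PrxPrx - {a4defe34-1ca4-480b-bc00-516e66be537d} - C:\WINDOWS\Resources\PrxPrx.dll
"""


def triage(log_text):
    """Return a list of dicts for O2/O21 entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue  # other sections (O4, O20, O23, ...) are out of scope here
        target = m.group("target").strip()
        if target == "(no file)" or target.endswith("(file missing)"):
            reason = "registration points at a file that is not on disk"
        elif (m.group("kind") == "SSODL"
              and ntpath.normcase(ntpath.dirname(target)) != SYSTEM32):
            # Heuristic (assumption): shell service objects normally load
            # from system32, so any other directory is worth reviewing.
            reason = "SSODL DLL is loaded from outside system32"
        else:
            continue
        findings.append({
            "code": m.group("code"),
            "name": m.group("name"),
            "clsid": m.group("clsid"),
            "target": target,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["code"]} {f["name"]} {f["clsid"]}: {f["reason"]} ({f["target"]})')
```

A flagged entry is a prompt for review, not a verdict: an orphaned registration can simply be left over from an uninstalled program.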


              • #8
                Logfile of HijackThis v1.99.1
                Scan saved at 18:26:33, on 24-5-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16640)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                C:\WINDOWS\ATKKBService.exe
                C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
                C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                C:\WINDOWS\SOUNDMAN.EXE
                C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                C:\Program Files\SPAMfighter\SFAgent.exe
                C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                D:\Program Files\iTunesHelper.exe
                C:\PROGRA~1\AVG\AVG8\avgtray.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\WINDOWS\system32\PnkBstrA.exe
                C:\WINDOWS\system32\PnkBstrB.exe
                C:\Program Files\SPAMfighter\sfus.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\DNA\btdna.exe
                C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
                C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
                C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                C:\Program Files\iPod\bin\iPodService.exe
                C:\WINDOWS\system32\notepad.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                C:\hjt\raymond.exe

                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WINDOWS INTERNET EXPLORER G0T 0WNED BY !ME! MUAHA
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe"
                O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
                O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
                O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
                O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O11 - Options group: [INTERNATIONAL] International*
                O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
                O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
                O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                O20 - AppInit_DLLs: avgrsstx.dll
                O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
                O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
                O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

                and yes, I do still have some problems:
                these files have suddenly appeared on my C: drive:
                -Recycler
                -$AVG8.VAULT$
                -AUTOEXEC.BAT
                -CONFIG.SYS
                -MSDOS.SYS
                -NTDETECT.COM
                -pagefyle.SYS
                -Confic.MSI
                -IO.SYS'
                -ntldr

                in Documents and Settings:
                -Localservice
                -DEfault User (which contains even more strange files)
                -Networkservice

                C:\Windows folder
                $NtUninstallKB914388$ (about 50 of those o.0)

                these folders are also all slightly transparent; is this normal, or are these still leftovers from winspyware?

                other than that, no problems by the way



                • #9
                  Hidden files and folders are being displayed.
                  See here for info: http://users.pandora.be/marcvn/spyware/1117602.htm
                  The trick is to do exactly the opposite of what the website describes; then those odd semi-transparent icons will disappear again.



                  • #10
                    thank you for your quick replies, I no longer have any problems with the WINspyware pop-ups.

                    thanks again for your quick replies



                    • #11
                      You're welcome

                      The log looks fine again too

                      Also do this:

                      Download ATF Cleaner (mirror) (made by Atribune)

                      Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                      Double-click ATF Cleaner to start the program.
                      On the "Main" tab, tick Select All.
                      Click the Empty Selected button.

                      Do the following if you also use Firefox as a browser:
                      Click the "Firefox" tab and tick Select All.
                      If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                      (this removes the tick from "Firefox saved passwords" again)
                      Click the Empty Selected button.

                      Do the following if you also use Opera as a browser:
                      Click the "Opera" tab and tick Select All.
                      If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                      Click the Empty Selected button.
                      Go to the "Main" tab and click the Exit button to close the program.

                      Turn off System Restore. Restart the computer. Turn System Restore back on.
                      See here for how to turn off System Restore.
                      This removes any remnants of the infections from your System Restore.

                      Then I think everything is OK again.

                      Regards, smeenk



                      • #12
                        everything is solved, an extremely handy site, highly recommended, difficulty level very cleverly thought out, I didn't have to mess around with or do anything

                        this one can be locked as far as I'm concerned



                        • #13
                          Great
