  • A little problem

    I've been having trouble with ctfmon.exe lately. I tried to remove it with HijackThis and RegCleaner, but that didn't help. Norton doesn't see it :P

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:39:23, on 25-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\wserving.exe
    C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\afinding.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
    O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

    --
    End of file - 8818 bytes

    Which one doesn't belong here? Thanks in advance.

  • #2
    Deckard's System Scanner v20071014.68
    Run by Slackerr on 2008-05-25 11:49:37
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    94: 2008-05-25 09:49:43 UTC - RP94 - Deckard's System Scanner Restore Point
    93: 2008-05-24 09:56:55 UTC - RP93 - Controlepunt van systeem
    92: 2008-05-22 19:00:38 UTC - RP92 - Controlepunt van systeem
    91: 2008-05-21 18:41:19 UTC - RP91 - Controlepunt van systeem
    90: 2008-05-20 18:26:39 UTC - RP90 - Controlepunt van systeem


    -- First Restore Point --
    1: 2008-04-02 01:06:33 UTC - RP1 - Controlepunt van systeem


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Slackerr.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:52:17, on 25-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
    C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\perfs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\wserving.exe
    C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\Slackerr\Bureaublad\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Slackerr.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
    O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

    --
    End of file - 9001 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20080521-113612-613 O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
    backup-20080521-113751-189 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    backup-20080521-113751-315 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    backup-20080521-113751-367 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    backup-20080521-113751-456 O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    backup-20080521-113751-490 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    backup-20080525-003655-238 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    backup-20080525-003655-376 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    backup-20080525-003655-597 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    backup-20080525-003655-680 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 mv61xx - c:\windows\system32\drivers\mv61xx.sys <Not Verified; Marvell Semiconductor, Inc.; Marvell Thor and Odin>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 Marvell RAID (Marvell RAID Event Agent) - c:\program files\marvell\61xx\svc\mvraidsvc.exe <Not Verified; ; mvraidsvc Application>
    R2 MRUWebService (MRU Web Service) - "c:\program files\marvell\61xx\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
    R2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
    R2 Routing (Routing Service) - c:\windows\system32\routing.exe
    R2 WServing (WServing Service) - c:\windows\system32\wserving.exe

    S2 AFinding (AFinding Service) - c:\windows\system32\afinding.exe
    S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
    Device ID: ACPI\PNP0303\4&1400782C&0
    Manufacturer: (standaardtoetsenbord)
    Name: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
    PNP Device ID: ACPI\PNP0303\4&1400782C&0
    Service: i8042prt


    -- Scheduled Tasks -------------------------------------------------------------

    2008-05-23 23:52:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2008-05-19 21:10:14 628 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Slackerr.job


    -- Files created between 2008-04-25 and 2008-05-25 -----------------------------

    2008-05-24 00:05:16 0 d-------- C:\Program Files\RegCleaner
    2008-05-21 11:35:42 0 d-------- C:\Program Files\Trend Micro
    2008-05-11 22:35:02 0 d-------- C:\Program Files\Lavasoft
    2008-05-11 22:35:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-11 22:31:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-01 16:54:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-04-27 22:14:34 0 d-------- C:\Documents and Settings\Slackerr\Application Data\vlc
    2008-04-27 22:12:40 0 d-------- C:\Program Files\VideoLAN
    2008-04-27 17:09:56 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-04-27 13:31:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-04-27 13:10:26 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-04-27 12:52:12 0 d-------- C:\Program Files\Common Files\Adobe


    -- Find3M Report ---------------------------------------------------------------

    2008-05-25 11:51:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-05-25 11:21:49 9 --a------ C:\WINDOWS\mvraidver.dat
    2008-05-24 20:03:04 0 d-------- C:\Documents and Settings\Slackerr\Application Data\LimeWirePlus
    2008-05-23 14:16:16 0 d-------- C:\Documents and Settings\Slackerr\Application Data\Adobe
    2008-05-21 12:34:58 0 d-------- C:\Documents and Settings\Slackerr\Application Data\uTorrent
    2008-05-20 11:30:48 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-05-19 14:00:18 295424 --a------ C:\WINDOWS\system32\andt.sys
    2008-05-11 22:31:50 0 d-------- C:\Program Files\Common Files
    2008-04-16 14:29:28 367548 --a------ C:\WINDOWS\system32\perfh013.dat
    2008-04-16 14:29:28 54496 --a------ C:\WINDOWS\system32\perfc013.dat
    2008-04-14 22:31:40 0 d-------- C:\Documents and Settings\Slackerr\Application Data\Apple Computer
    2008-04-11 20:04:46 0 d-------- C:\Documents and Settings\Slackerr\Application Data\Macromedia
    2008-04-11 20:03:34 681 --a------ C:\WINDOWS\mozver.dat
    2008-04-08 22:59:09 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-08 22:42:32 0 d-------- C:\Documents and Settings\Slackerr\Application Data\Sun
    2008-04-08 19:54:14 0 d-------- C:\Program Files\Hewlett-Packard
    2008-04-08 19:53:44 0 d-------- C:\Program Files\hp deskjet 5550 series
    2008-04-08 14:08:04 40 --a------ C:\WINDOWS\system32\drmgs.sys
    2008-04-07 23:24:29 0 d-------- C:\Program Files\Activision
    2008-04-07 22:39:35 0 d-------- C:\Documents and Settings\Slackerr\Application Data\WinRAR
    2008-04-04 17:59:50 0 d-------- C:\Program Files\Norton Internet Security
    2008-04-04 17:54:14 0 d-------- C:\Program Files\Symantec
    2008-04-04 17:08:01 0 d-------- C:\Program Files\Windows Live
    2008-04-04 17:06:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-03 22:38:07 0 d-------- C:\Program Files\Messenger
    2008-04-03 00:34:17 0 d-------- C:\Program Files\Microsoft Works
    2008-04-03 00:34:00 0 d-------- C:\Program Files\MSBuild
    2008-04-02 23:31:57 0 d-------- C:\Program Files\uTorrent
    2008-04-02 23:29:50 0 d-------- C:\Documents and Settings\Slackerr\Application Data\Microsoft Web Folders
    2008-04-02 23:12:50 0 d-------- C:\Program Files\LimewirePlus
    2008-04-02 22:05:15 0 d-------- C:\Program Files\LimeWire Plus
    2008-04-02 22:04:21 0 d-------- C:\Program Files\Java
    2008-04-02 22:03:29 0 d-------- C:\Program Files\Common Files\Java
    2008-04-02 21:51:42 0 d-------- C:\Program Files\iTunes
    2008-04-02 21:51:25 0 d-------- C:\Program Files\iPod
    2008-04-02 21:51:09 0 d-------- C:\Program Files\Bonjour
    2008-04-02 21:51:03 0 d-------- C:\Program Files\QuickTime
    2008-04-02 21:50:16 0 d-------- C:\Program Files\Apple Software Update
    2008-04-02 21:49:51 0 d-------- C:\Program Files\Common Files\Apple
    2008-04-02 21:40:59 0 d-------- C:\Program Files\Realtek
    2008-04-02 21:40:55 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-04-02 21:31:02 0 d--h----- C:\Program Files\WindowsUpdate
    2008-04-02 21:15:30 0 d-------- C:\Program Files\Movie Maker
    2008-04-02 21:12:06 0 d-------- C:\Program Files\Windows NT
    2008-04-02 18:38:49 0 d-------- C:\Program Files\Intel
    2008-04-02 17:30:22 0 d-------- C:\Program Files\ASUS
    2008-04-02 17:30:09 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-04-02 17:27:44 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-02 17:27:42 0 d-------- C:\Documents and Settings\Slackerr\Application Data\Mozilla
    2008-04-02 17:26:35 0 d-------- C:\Program Files\Marvell
    2008-04-02 17:26:23 0 d-------- C:\Program Files\Attansic
    2008-04-02 03:21:53 0 d-------- C:\Program Files\Common Files\ODBC
    2008-04-02 03:21:50 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-04-02 03:21:33 62 --ahs---- C:\Documents and Settings\Slackerr\Application Data\desktop.ini
    2008-04-02 03:06:25 0 d-------- C:\Documents and Settings\Slackerr\Application Data\Identities
    2008-04-02 03:02:59 0 d-------- C:\Program Files\microsoft frontpage
    2008-04-02 03:02:43 0 -rahs---- C:\MSDOS.SYS
    2008-04-02 03:02:43 0 -rahs---- C:\IO.SYS
    2008-04-02 03:02:43 0 --a------ C:\CONFIG.SYS
    2008-04-02 03:02:43 0 --a------ C:\AUTOEXEC.BAT
    2008-04-02 03:00:55 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-04-02 03:00:36 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-04-02 03:00:17 0 d-------- C:\Program Files\Online Services
    2008-04-02 03:00:04 0 d-------- C:\Program Files\MSN Gaming Zone


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
    02-04-2008 23:12 1470488 --a------ C:\Program Files\LimewirePlus\tbLim1.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [02-04-2008 23:12 1470488]

    [-HKEY_CLASSES_ROOT\CLSID\{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [28-06-2007 18:43]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [28-06-2007 18:43]
    "Alcmtr"="ALCMTR.EXE" [03-05-2005 12:43 C:\WINDOWS\Alcmtr.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28-03-2008 23:37]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09-01-2007 23:59]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [14-01-2007 01:11]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29-01-2008 17:38]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [11-07-2002 15:20]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21-1-2000 10:15:56]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-05-25 11:52:53 ------------

    I ran that scan as well.



    • #3
      Hello slacker,

      Open a Notepad file.
      Copy the code below into this Notepad file.
      Go to File - Save As.
      Under "Save in", choose: Desktop
      Under "File name", enter: fix.bat
      Under "Save as type", select: All Files (*.*).
      Click the Save button.
      Code:
      SC STOP AFinding
      SC DELETE AFinding
      SC STOP perfmons
      SC DELETE perfmons
      SC STOP Routing
      SC DELETE Routing
      SC STOP WServing
      SC DELETE WServing
      Double-click fix.bat.

      Restart the computer.
      Create a new HijackThis log and post it.



      • #4
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 18:20:25, on 26-5-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\afinding.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
        C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\system32\perfs.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\PnkBstrB.exe
        C:\WINDOWS\system32\routing.exe
        C:\WINDOWS\system32\wserving.exe
        C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\WINDOWS\system32\WgaTray.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\iTunes\iTunes.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
        C:\WINDOWS\system32\calc.exe
        C:\WINDOWS\system32\calc.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
        O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
        O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
        O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
        O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
        O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
        O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

        --
        End of file - 9235 bytes

        Here you go.

        Comment
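The check requested in post #3 (run fix.bat, reboot, post a new log) can be done mechanically. The following is an added example, not code from the thread: it reads the `SC DELETE` targets out of fix.bat and looks them up among the O23 service lines of the log in post #4. The function names are made up for the example, and `LOG_CLEAN` is a constructed contrast case.

```python
import re

# fix.bat as posted in #3 (copied from the page).
FIX_BAT = r"""
SC STOP AFinding
SC DELETE AFinding
SC STOP perfmons
SC DELETE perfmons
SC STOP Routing
SC DELETE Routing
SC STOP WServing
SC DELETE WServing
"""

# O23 lines excerpted from the HijackThis log in post #4 (taken after fix.bat).
LOG_POST_4 = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
"""

# Constructed contrast case: the same excerpt with the four targets absent.
LOG_CLEAN = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

O23_PREFIX = "O23 - Service: "


def services_to_delete(batch_text):
    """Return the case-folded service names named in 'SC DELETE <name>' lines."""
    names = set()
    pattern = re.compile(r'\s*sc\s+delete\s+(?:"([^"]+)"|(\S+))\s*$', re.IGNORECASE)
    for line in batch_text.splitlines():
        m = pattern.match(line)
        if m:
            names.add((m.group(1) or m.group(2)).casefold())
    return names


def parse_o23(log_text):
    """Map case-folded service name -> (owner, image path) for each O23 line.

    An O23 line is 'label - owner - path'. The label is either
    'Display Name (ServiceName)' or just the service name.
    """
    services = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(O23_PREFIX):
            continue
        # Split from the right so hyphens inside the label are left alone.
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # truncated or malformed line
        label, owner, path = (p.strip() for p in parts)
        m = re.search(r"\(([^()]+)\)$", label)
        name = m.group(1) if m else label
        services[name.casefold()] = (owner, path)
    return services


def remaining_targets(batch_text, log_text):
    """Return the fix.bat targets that still appear as services in the log.

    Matching is on the service name, not the file name: the 'perfmons'
    service in this thread runs perfs.exe, so a file-name match would miss it.
    """
    found = parse_o23(log_text)
    return {n: found[n] for n in sorted(services_to_delete(batch_text)) if n in found}


if __name__ == "__main__":
    for name, (owner, path) in remaining_targets(FIX_BAT, LOG_POST_4).items():
        print(f"still registered: {name:10s} owner={owner!r} image={path}")
    print("clean log leftovers:", remaining_targets(FIX_BAT, LOG_CLEAN))
```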


        • #5
          Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
          Follow the instructions given there. If anything is unclear, just ask.
          When the tool has finished, a log file (combofix.txt) opens.
          Post the contents of this file together with a new HijackThis log.



          • #6
            ComboFix 08-05-25.5 - Slackerr 2008-05-26 21:14:08.2 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1308 [GMT 2:00]
            Gestart vanuit: C:\Documents and Settings\Slackerr\Bureaublad\ComboFix.exe

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            ---- Previous Run -------
            .
            C:\WINDOWS\system32\afinding.exe
            C:\WINDOWS\system32\andt.sys
            C:\WINDOWS\system32\comsa32.sys
            C:\WINDOWS\system32\drivers\RtlUpd.exe
            C:\WINDOWS\system32\drivers\SkyTel.exe
            C:\WINDOWS\system32\drmgs.sys
            C:\WINDOWS\system32\Indt2.sys
            C:\WINDOWS\system32\routing.exe
            C:\WINDOWS\system32\tmp0_366878478172.bk
            C:\WINDOWS\system32\WServing.exe

            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\Legacy_AFINDING
            -------\Legacy_PERFMONS
            -------\Legacy_ROUTING
            -------\Legacy_WSERVING
            -------\Service_AFinding
            -------\Service_perfmons
            -------\Service_Routing
            -------\Service_WServing


            (((((((((((((((((((( Bestanden Gemaakt van 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))
            .

            2008-05-25 11:49 . 2008-05-25 11:49 <DIR> d-------- C:\Deckard
            2008-05-24 00:05 . 2008-05-24 00:07 <DIR> d-------- C:\Program Files\RegCleaner
            2008-05-21 11:35 . 2008-05-21 11:35 <DIR> d-------- C:\Program Files\Trend Micro
            2008-05-11 22:35 . 2008-05-11 22:35 <DIR> d-------- C:\Program Files\Lavasoft
            2008-05-11 22:35 . 2008-05-11 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2008-05-11 22:31 . 2008-05-11 22:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2008-05-01 16:54 . 2008-05-01 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
            2008-04-27 22:14 . 2008-04-27 22:14 <DIR> d-------- C:\Documents and Settings\Slackerr\Application Data\vlc
            2008-04-27 22:12 . 2008-04-27 22:12 <DIR> d-------- C:\Program Files\VideoLAN
            2008-04-27 17:09 . 2008-05-13 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
            2008-04-27 13:10 . 2008-04-27 13:10 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
            2008-04-27 12:52 . 2008-05-13 20:32 <DIR> d-------- C:\Program Files\Common Files\Adobe

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-05-26 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
            2008-05-26 17:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
            2008-05-24 18:03 --------- d-----w C:\Documents and Settings\Slackerr\Application Data\LimeWirePlus
            2008-05-23 21:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
            2008-05-21 10:34 --------- d-----w C:\Documents and Settings\Slackerr\Application Data\uTorrent
            2008-05-20 09:30 --------- d-----w C:\Program Files\Windows Live Safety Center
            2008-05-15 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
            2008-05-07 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
            2008-04-14 20:31 --------- d-----w C:\Documents and Settings\Slackerr\Application Data\Apple Computer
            2008-04-09 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
            2008-04-08 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-04-08 17:54 --------- d-----w C:\Program Files\Hewlett-Packard
            2008-04-08 17:53 --------- d-----w C:\Program Files\hp deskjet 5550 series
            2008-04-07 21:49 22,328 ----a-w C:\Documents and Settings\Slackerr\Application Data\PnkBstrK.sys
            2008-04-07 21:24 --------- d-----w C:\Program Files\Activision
            2008-04-04 15:59 --------- d-----w C:\Program Files\Norton Internet Security
            2008-04-04 15:54 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
            2008-04-04 15:54 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
            2008-04-04 15:54 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
            2008-04-04 15:54 --------- d-----w C:\Program Files\Symantec
            2008-04-04 15:08 --------- d-----w C:\Program Files\Windows Live
            2008-04-04 15:06 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
            2008-04-02 22:34 --------- d-----w C:\Program Files\MSBuild
            2008-04-02 22:34 --------- d-----w C:\Program Files\Microsoft Works
            2008-04-02 21:31 --------- d-----w C:\Program Files\uTorrent
            2008-04-02 21:29 --------- d-----w C:\Documents and Settings\Slackerr\Application Data\Microsoft Web Folders
            2008-04-02 21:12 --------- d-----w C:\Program Files\LimewirePlus
            2008-04-02 20:05 --------- d-----w C:\Program Files\LimeWire Plus
            2008-04-02 20:04 --------- d-----w C:\Program Files\Java
            2008-04-02 20:03 --------- d-----w C:\Program Files\Common Files\Java
            2008-04-02 19:51 --------- d-----w C:\Program Files\QuickTime
            2008-04-02 19:51 --------- d-----w C:\Program Files\iTunes
            2008-04-02 19:51 --------- d-----w C:\Program Files\iPod
            2008-04-02 19:51 --------- d-----w C:\Program Files\Bonjour
            2008-04-02 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
            2008-04-02 19:50 --------- d-----w C:\Program Files\Apple Software Update
            2008-04-02 19:49 --------- d-----w C:\Program Files\Common Files\Apple
            2008-04-02 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
            2008-04-02 19:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
            2008-04-02 19:40 --------- d-----w C:\Program Files\Realtek
            2008-04-02 16:38 --------- d-----w C:\Program Files\Intel
            2008-04-02 15:30 --------- d-----w C:\Program Files\Common Files\InstallShield
            2008-04-02 15:30 --------- d-----w C:\Program Files\ASUS
            2008-04-02 15:26 --------- d-----w C:\Program Files\Marvell
            2008-04-02 15:26 --------- d-----w C:\Program Files\Attansic
            2008-04-02 01:02 --------- d-----w C:\Program Files\microsoft frontpage
            2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
            2008-04-02 23:12 1470488 --a------ C:\Program Files\LimewirePlus\tbLim1.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
            "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLim1.dll" [2008-04-02 23:12 1470488]

            [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
            "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [2008-04-02 23:12 1470488]

            [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-06-28 18:43 8466432]
            "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-06-28 18:43 81920]
            "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
            "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
            "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
            "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11 771704]
            "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
            "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 15:20 188416]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65588]

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
            "DisableMonitoring"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
            "EnableFirewall"= 0 (0x0)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
            "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
            "C:\\Program Files\\uTorrent\\uTorrent.exe"=
            "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
            "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
            "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
            "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
            "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
            "C:\\Program Files\\iTunes\\iTunes.exe"=
            "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
            "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
            "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

            R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 05:35]
            R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [2007-04-21 00:40]
            R2 MRUWebService;MRU Web Service;"C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe" -k runservice
            R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 08:12]

            *Newly Created Service* - COMHOST
            .
            Inhoud van de 'Gedeelde Taken' map
            "2008-05-23 21:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            "2008-05-26 19:11:44 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Slackerr.job"
            - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
            .
            **************************************************************************

            catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-05-26 21:20:27
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\PnkBstrB.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\system32\WgaTray.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Program Files\Windows Live\Messenger\usnsvc.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            .
            **************************************************************************
            .
            Voltooingstijd: 2008-05-26 21:28:23 - machine was rebooted [Slackerr]
            ComboFix-quarantined-files.txt 2008-05-26 19:28:15

            Pre-Run: 63,092,256,768 bytes beschikbaar
            Post-Run: 63,112,105,984 bytes beschikbaar

            198 --- E O F --- 2008-05-17 14:40:37


            and HijackThis

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 21:29:31, on 26-5-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
            C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\PnkBstrB.exe
            C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\WgaTray.exe
            C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
            C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Program Files\Windows Live\Messenger\usnsvc.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\WINDOWS\explorer.exe
            C:\WINDOWS\system32\notepad.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
            O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
            O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
            O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
            O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
            O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
            O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

            --
            End of file - 8616 bytes



            • #7
              That's better.
              How is the computer running now?



              • #8
                It's running fine now, yes, no weird system sounds, and I'm not hearing a *beep* every 5 minutes either, thanks!



                • #9
                  You're welcome.

                  One more thing to do: go to Start - Run and type: ComboFix /u
                  Press Enter.

                  To track down and clean up any leftovers:
                  Go to Kaspersky Online Scanner and click Accept at the bottom.
                  This scanner works only with Internet Explorer 6 and higher!!
                  You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.
                  • The program now starts downloading the latest definition files. After that, click Next.
                  • Then click the Scan Settings button.
                    Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
                    Under the text Scan options: tick both boxes: Scan Archives .... and Scan Mail Bases ....
                  • Then click the OK button.
                  • Now start the scan by clicking the text My Computer.

                    Keep in mind that this scan takes a while.
                  • Once the scan is complete, you get the opportunity to save the scan report.
                    Click the Save Report As button. Save the report to your Desktop with the name kavscan.txt

                  Post this report in your next message.



                  • #10
                    -------------------------------------------------------------------------------
                    KASPERSKY ONLINE SCANNER REPORT
                    Tuesday, May 27, 2008 4:16:46 PM
                    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
                    Kaspersky Online Scanner version: 5.0.98.0
                    Kaspersky Anti-Virus database last update: 27/05/2008
                    Kaspersky Anti-Virus database records: 801429
                    -------------------------------------------------------------------------------

                    Scan Settings:
                    Scan using the following antivirus database: extended
                    Scan Archives: true
                    Scan Mail Bases: true

                    Scan Target - My Computer:
                    A:\
                    C:\
                    D:\

                    Scan Statistics:
                    Total number of scanned objects: 77196
                    Number of viruses found: 2
                    Number of infected objects: 6
                    Number of suspicious objects: 0
                    Duration of the scan process: 01:30:17

                    Infected Object Name / Virus Name / Last Action
                    C:\Documents and Settings\Slackerr\LimeWire Saved\tekno body bee & gee.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
                    C:\Documents and Settings\Slackerr\Mijn documenten\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
                    C:\Documents and Settings\Slackerr\Mijn documenten\kf141.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
                    C:\Documents and Settings\Slackerr\Mijn documenten\kf141.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
                    C:\Documents and Settings\Slackerr\Mijn documenten\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
                    C:\Documents and Settings\Slackerr\Mijn documenten\kf141.zip ZIP: infected - 4 skipped

                    Scan process completed.



                    • #11
                      One more thing to do:
                      Open a Notepad file.
                      Copy the text below (everything in bold) into this Notepad file.

                      @ECHO OFF
                      IF EXIST log.txt DEL log.txt
                      ECHO Deleting files>>log.txt
                      FOR %%g in (
                      "C:\Documents and Settings\Slackerr\LimeWire Saved\tekno body bee & gee.mp3"
                      "C:\Documents and Settings\Slackerr\Mijn documenten\kf141.zip") DO (
                      IF EXIST %%g (
                      ATTRIB -r -s -h %%g
                      DEL %%g
                      IF EXIST %%g (
                      ECHO %%g not deleted>>log.txt
                      ) ELSE (
                      ECHO %%g deleted successfully>>log.txt)
                      ) ELSE (
                      ECHO %%g not found>>log.txt))
                      START NOTEPAD.EXE log.txt

                      Go to File - Save As.
                      For "Save in" choose: Desktop
                      For "File name" enter: del.bat
                      For "Save as type" select: All Files (*.*).
                      Click the Save button.

                      Double-click del.bat and post the contents of the log file that opens.



                      • #12
                        Hi,

                        I had already spotted these 2 files myself, and so deleted them. (re: the scan)

                        "C:\Documents and Settings\Slackerr\LimeWire Saved\tekno body bee & gee.mp3"
                        "C:\Documents and Settings\Slackerr\Mijn documenten\kf141.zip") DO (



                        • #13
                          That's fine too.

                          Have all the computer problems been solved, slacker?



                          • #14
                            Yep, all good! Thank you!
                            As far as I'm concerned this one can be closed ^^



                            • #15
                              You're welcome.

                              More info on how to prevent a new infection can be found here and here.

                              I'm setting the status of this thread to solved.
                              If there are no further replies, this thread will automatically be moved to the Opgeloste hijackthislogs section within about 3 days and replies will no longer be possible. This keeps the forum neat and organized.
                              If it turns out there are still problems and you want to reply in this topic again, send me a private message asking to have it reopened.

                              Happy surfing again.
